CVE-2025-10907
Published: 05 November 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-10907 is an arbitrary file upload vulnerability affecting multiple WSO2 products, caused by insufficient validation of uploaded content and destination in SOAP admin services. Published on 2025-11-05, it allows a malicious actor with administrative privileges to upload a specially crafted file to a user-controlled location within the deployment. The issue is classified under CWE-434 and carries a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Exploitation requires administrative credentials for the affected SOAP admin services and, per the vector, access from an adjacent network. An attacker who meets both conditions can upload a malicious file, such as a web shell, to a location of their choosing inside the deployment; whether this yields remote code execution (RCE) depends on how the server subsequently serves or processes that file. Adjacent access (AV:A) and high privileges (PR:H) narrow the set of attackers who can reach the flaw, but they do not reduce the impact once it is exploited: the scope change (S:C) reflects that the written file lands outside the vulnerable component's own security boundary, with high confidentiality, integrity, and availability impact.
Mitigation guidance is available in the WSO2 security advisory at https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4603/.
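The CWE-434 pattern the summary describes, as an added example that is not WSO2's code and does not model its admin-service API: the unchecked variant joins the client-supplied name straight onto the upload root, so a traversal sequence or an absolute name puts the file wherever the attacker wants; the checked variant applies the two controls the advisory says were missing, destination validation (basename, character and extension allowlist, canonicalization, containment proof) and content validation (size cap, no NUL bytes, no server-side script markers). The upload root, extension allowlist, marker list and sample requests are all assumptions constructed for the demo.

```python
"""
Added example (not WSO2 code): the CWE-434 pattern behind CVE-2025-10907 in
miniature. vulnerable_destination trusts the client-supplied filename;
safe_destination and validate_content show the destination and content checks
whose absence the advisory describes. Paths, extensions and markers are
assumptions for the demo, not WSO2's actual layout or admin-service API.
"""
import os
import posixpath
import re

# Hypothetical upload root inside a deployment (assumption, not a WSO2 path).
DEPLOY_ROOT = "/opt/app/repository/uploads"
# Assumed allowlist of non-executable extensions the service legitimately accepts.
ALLOWED_EXTENSIONS = {".xml", ".txt", ".properties"}
# Byte sequences that mark server-side script content; a heuristic, not a parser.
SCRIPT_MARKERS = (b"<%", b"<jsp:", b"<?php")
MAX_UPLOAD_BYTES = 1_000_000


class UploadRejected(Exception):
    """Raised when a destination or content check fails."""


def vulnerable_destination(root: str, client_filename: str) -> str:
    """The flawed pattern: the client name is joined to the root unchecked.
    '../' segments walk out of the root and an absolute name replaces it."""
    return posixpath.normpath(posixpath.join(root, client_filename))


def safe_destination(root: str, client_filename: str) -> str:
    """Destination validation: strip any directory part, allowlist characters
    and extension, then canonicalize and prove containment inside the root."""
    base = posixpath.basename(client_filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise UploadRejected("empty or dot-only filename")
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}", base):
        raise UploadRejected("filename contains disallowed characters")
    ext = posixpath.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not in allowlist")
    root_real = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root_real, base))
    # Containment check holds even if symlinks or normalization surprised us above.
    if os.path.commonpath([root_real, dest]) != root_real:
        raise UploadRejected("destination escapes upload root")
    return dest


def validate_content(data: bytes) -> None:
    """Content validation for a text-type upload: size cap, no NUL bytes, and
    no server-side script markers regardless of the claimed extension."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    if b"\x00" in data:
        raise UploadRejected("binary content in a text-type upload")
    for marker in SCRIPT_MARKERS:
        if marker in data:
            raise UploadRejected(f"server-side script marker {marker!r} found")


def try_upload(root: str, client_filename: str, data: bytes) -> str:
    """Run both checks; returns 'ACCEPT:<path>' or 'REJECT:<reason>' instead
    of writing to disk, so the example runs offline."""
    try:
        dest = safe_destination(root, client_filename)
        validate_content(data)
    except UploadRejected as exc:
        return f"REJECT:{exc}"
    return f"ACCEPT:{dest}"


# Constructed sample requests (not captured traffic): a web-shell drop via
# traversal, an absolute-path drop, a shell hiding behind an allowed
# extension, and a legitimate upload.
SAMPLE_REQUESTS = [
    ("../../../webapps/ROOT/cmd.jsp",
     b'<% Runtime.getRuntime().exec(request.getParameter("c")); %>'),
    ("/etc/cron.d/job", b"* * * * * root /tmp/x\n"),
    ("notes.txt", b'<% out.println("shell"); %>'),
    ("datasource.xml", b"<datasource><name>db</name></datasource>\n"),
]

if __name__ == "__main__":
    for name, body in SAMPLE_REQUESTS:
        print(f"{name!r:36} unchecked -> {vulnerable_destination(DEPLOY_ROOT, name)}")
        print(f"{'':36} checked   -> {try_upload(DEPLOY_ROOT, name, body)}")
```

Note that the extension allowlist alone is not enough: a name like `cmd.jsp.txt` passes it, which is why the content check runs on every accepted file and why the upload root must be a directory the server never executes from. In a real service the same containment check belongs on any server-side destination parameter the caller can influence, not only on the filename.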
Details
CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
Affected Products: multiple WSO2 products; the specific products and versions are listed in the WSO2 advisory linked above.
MITRE ATT&CK Enterprise Techniques: T1210 (Exploitation of Remote Services), T1505.003 (Server Software Component: Web Shell)
Why these techniques?
Arbitrary file upload through authenticated SOAP admin services is exploitation of a remote service to gain execution on the host (T1210), and a dropped file that the server will later execute is the classic web shell persistence mechanism (T1505.003).