CVE-2025-6024 (GCVE-0-2025-6024)
Vulnerability from cvelistv5
Published
2026-04-16 09:48
Modified
2026-04-16 12:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.
An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| WSO2 | WSO2 API Manager | Version: 3.1.0 < 3.1.0.351; Version: 3.2.0 < 3.2.0.455; Version: 3.2.1 < 3.2.1.74; Version: 4.0.0 < 4.0.0.375; Version: 4.1.0 < 4.1.0.238 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T12:19:54.071212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:30:22.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 API Manager",
"vendor": "WSO2",
"versions": [
{
"lessThan": "3.1.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.1.0.351",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.2.0.455",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.2.1.74",
"status": "affected",
"version": "3.2.1",
"versionType": "custom"
},
{
"lessThan": "4.0.0.375",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.238",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.10.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.10.0.360",
"status": "affected",
"version": "5.10.0",
"versionType": "custom"
},
{
"lessThan": "5.11.0.405",
"status": "affected",
"version": "5.11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies."
}
],
"value": "The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies."
}
],
"impacts": [
{
"capecId": "CAPEC-104",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-104 CAPEC-104: Cross-Site Scripting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T09:48:45.244Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution"
}
],
"source": {
"advisory": "WSO2-2025-4251",
"discovery": "INTERNAL"
},
"title": "Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2025-6024",
"datePublished": "2026-04-16T09:48:45.244Z",
"dateReserved": "2025-06-12T09:23:00.709Z",
"dateUpdated": "2026-04-16T12:30:22.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6024\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-16T12:19:54.071212Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-16T12:19:55.303Z\"}}], \"cna\": {\"title\": \"Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites\", \"source\": {\"advisory\": \"WSO2-2025-4251\", \"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-104\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-104 CAPEC-104: Cross-Site Scripting\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WSO2\", \"product\": \"WSO2 API Manager\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"3.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.1.0\", \"lessThan\": \"3.1.0.351\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.0.455\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.2.1\", \"lessThan\": \"3.2.1.74\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.0.375\", 
\"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.0.238\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Identity Server\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"5.10.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.10.0\", \"lessThan\": \"5.10.0.360\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.11.0\", \"lessThan\": \"5.11.0.405\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. 
This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2026-04-16T09:48:45.244Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-6024\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-16T12:30:22.824Z\", \"dateReserved\": \"2025-06-12T09:23:00.709Z\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"datePublished\": \"2026-04-16T09:48:45.244Z\", \"assignerShortName\": \"WSO2\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.