Cyber Posture

CVE-2025-10713

Severity: Medium
Published: 05 November 2025
Modified: 04 December 2025
KEV Added: not listed
Patch: see the WSO2 advisory (WSO2-2025-4505)
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0007 (21.9th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-10713 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in WSO2 API Manager and several other WSO2 products (listed under Affected Products). Its CVSS v3.1 base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 21.9th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and two further techniques (T1005, T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated mapping)

- SI-10 Information Input Validation (prevent): requires validation of user-supplied XML so that documents carrying entity declarations are rejected or sanitized before parsing, directly preventing XXE exploitation for file disclosure or DoS.
- CM-6 Configuration Settings (prevent): mandates secure configuration of the XML parser so that external entity resolution (and DTD processing generally) is disabled, addressing the root cause of this CVE: an improperly configured parser.
- SI-2 Flaw Remediation (prevent): ensures timely remediation of the identified XXE flaw by applying the patches recommended in the WSO2 advisory.

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
- T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques? An XXE vulnerability in Internet-facing WSO2 products gives an attacker exploitation of a public-facing application (T1190), arbitrary file reads from the server filesystem (T1005), and DoS via entity expansion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.

Deeper analysis (AI-generated)

CVE-2025-10713 is an XML External Entity (XXE) vulnerability, mapped to CWE-611, affecting multiple WSO2 products. The issue arises from improper configuration of the XML parser, which processes user-supplied XML input without sufficient restrictions on external entity resolution. Published on 2025-11-05T18:15:32.247, it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).

A remote attacker can exploit this vulnerability by submitting XML payloads whose DTD declares external entities. Successful exploitation enables the attacker to read files from the server's filesystem (an external entity pointing at a local path) or to perform denial-of-service (DoS) attacks through entity expansion that render affected services unavailable, with high impact on confidentiality and availability and none on integrity. Note one inconsistency in the published data: the NVD description calls the attacker unauthenticated, while the CVSS vector scores the flaw PR:H (high privileges required). Confirm against the WSO2 advisory which XML-accepting endpoints are reachable without credentials in your deployment before settling on a priority.

The primary advisory from WSO2 is available at https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505/, which security practitioners should review for detailed mitigation guidance, patches, and affected product versions.
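As an added illustration (not part of the original page, and not WSO2 code), the following Python script shows the mechanism the NVD text and the Deeper analysis describe, together with the two preventive controls listed under Mitigating Controls: the default parser expands entities declared in a DTD (the amplification behind the DoS branch; the same DTD is where an external entity for file disclosure would be declared), an SI-10 style input gate rejects requests that carry a DOCTYPE at all, and a CM-6 style hardened parser refuses the DOCTYPE at the parser level. Python's standard library stands in for WSO2's Java/JAXP stack so the example runs anywhere; the payloads, element names and function names (expanded_text_length, input_gate, parse_hardened) are constructed for this example.

```python
"""Added example for CVE-2025-10713 (CWE-611): default XML parser behaviour
versus an input gate (SI-10) and a hardened parser configuration (CM-6).
All payloads below are constructed for the demo, not captured traffic."""
from __future__ import annotations

import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed classic XXE payload: an external general entity that points at a
# local file. A parser that resolves it returns the file content inside <user>.
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE user [<!ENTITY xxe SYSTEM "file:///etc/hostname">]>\n'
    b"<user>&xxe;</user>"
)

# Constructed "billion laughs" payload, deliberately small (10^3 expansions) so
# it runs instantly; a real attack nests deeper until memory is exhausted.
LAUGHS_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b"<!DOCTYPE lolz [\n"
    b' <!ENTITY lol "lol">\n'
    b' <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">\n'
    b' <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">\n'
    b' <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">\n'
    b"]>\n"
    b"<lolz>&lol3;</lolz>"
)

# Constructed benign request of the shape an API gateway legitimately accepts.
BENIGN_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    b"<soapenv:Body><ping>hello</ping></soapenv:Body></soapenv:Envelope>"
)


def expanded_text_length(xml_bytes: bytes) -> int:
    """Parse with the default ElementTree parser and return the length of the
    root element's text. The default parser expands internal entities, so the
    small laughs payload yields 3000 characters from a few hundred input bytes:
    the amplification behind the DoS branch (T1499.004) of this CVE."""
    root = ET.fromstring(xml_bytes)
    return len(root.text or "")


def input_gate(xml_bytes: bytes) -> bool:
    """SI-10 style screen applied before any parser touches the request.
    Untrusted API traffic has no business carrying a DTD, so a DOCTYPE is by
    itself a reason to reject and log the request. A byte scan is only a
    screen (it misses UTF-16 and similar encodings), which is why the parser
    setting below, not this check, is the root-cause fix."""
    return b"<!DOCTYPE" not in xml_bytes


class DoctypeRejected(ValueError):
    """A document carried a DTD, the only place entities can be declared."""


def parse_hardened(xml_bytes: bytes) -> list[str]:
    """CM-6 style parser configuration: expat aborts on any DOCTYPE before a
    single entity is declared or resolved, which covers external entities
    (CWE-611), parameter entities and expansion attacks alike. Returns the
    element names seen, as evidence that benign documents still parse."""
    parser = xml.parsers.expat.ParserCreate()
    seen: list[str] = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE '{name}' not allowed in untrusted XML")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: if a DOCTYPE ever got past the handler above,
        # refuse to fetch anything. Returning 0 makes expat abort with an error.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(xml_bytes, True)
    return seen


if __name__ == "__main__":
    print("laughs payload bytes:", len(LAUGHS_PAYLOAD),
          "-> expanded text chars:", expanded_text_length(LAUGHS_PAYLOAD))
    for label, payload in (("xxe", XXE_PAYLOAD), ("laughs", LAUGHS_PAYLOAD),
                           ("benign", BENIGN_PAYLOAD)):
        gate = "pass" if input_gate(payload) else "REJECT"
        try:
            outcome = f"parsed {parse_hardened(payload)}"
        except DoctypeRejected as exc:
            outcome = f"REJECTED: {exc}"
        print(f"{label:7s} gate={gate:6s} hardened parser: {outcome}")
```

Run the script directly to see the three verdicts side by side. In JAXP-based Java stacks such as WSO2's, the equivalent CM-6 setting is DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true), with the external-general-entities and external-parameter-entities features set to false where a DTD must be tolerated; for the affected WSO2 products themselves the fix is the vendor patch referenced in the advisory above.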

Details

CWE(s): CWE-611 Improper Restriction of XML External Entity Reference

Affected Products

Vendor   Product                 Versions
wso2     api control plane       4.5.0
wso2     api manager             3.1.0, 3.2.0, 3.2.1, 4.0.0, 4.1.0
wso2     enterprise integrator   6.6.0
wso2     identity server         5.10.0, 5.11.0, 7.1.0
wso2     open banking am         2.0.0
wso2     open banking iam        2.0.0
wso2     traffic manager         4.5.0
wso2     universal gateway       4.5.0

CVEs Like This One

CVE-2024-8010 (same product: WSO2 API Manager)
CVE-2024-2374 (same product: WSO2 API Manager)
CVE-2025-10907 (same product: WSO2 API Control Plane)
CVE-2025-10611 (same product: WSO2 API Control Plane)
CVE-2025-13590 (same product: WSO2 API Control Plane)
CVE-2025-11093 (same product: WSO2 API Control Plane)
CVE-2024-1524 (same product: WSO2 API Manager)
CVE-2025-12531 (shared CWE-611)
CVE-2026-24400 (shared CWE-611)
CVE-2025-12107 (same product: WSO2 Identity Server)

References