{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.2.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.11.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1.0-NA" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "4.5.0-NA" }, { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "0" }, { "last_affected": "4.0.0" }, { "introduced": "0" }, { "last_affected": "4.1.0-NA" }, { "introduced": "0" }, { "last_affected": "4.2.0-NA" }, { "introduced": "0" }, { "last_affected": "4.3.0-NA" }, { "introduced": "0" }, { "last_affected": "4.4.0-NA" }, { "introduced": "0" }, { "last_affected": "4.5.0-NA" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "4.5.0" }, { "introduced": "0" }, { "last_affected": "4.5.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "f84a64d6683176f3ffb57fa262f3035b69781f2f" }, { "introduced": "0" }, { "last_affected": "2971de274564b622974de831403e9688a4a76c14" }, { "introduced": "0" }, { "last_affected": "e4956e9301b1c26eb06e80ec5c86628154b6ab55" }, { "introduced": "0" }, { "last_affected": "cf00d9e6cb083f94abae11818794f62cd5c94079" }, { "introduced": "0" }, { "last_affected": "9f152cad69fafd010fae1ed02b636409f0860b91" }, { "introduced": "0" }, { "last_affected": "572610e8e6564a647044bdb454eda658e1253352" }, { "introduced": "0" }, { "last_affected": "6e7a9db24a575f1f4a5bc4f4cbb41687c308c466" }, { "introduced": "0" }, { "last_affected": "c97258caec907ea69c289c80ff708a214c3372dc" }, { "introduced": "0" }, { "last_affected": "f84a64d6683176f3ffb57fa262f3035b69781f2f" }, { "introduced": "0" }, { "last_affected": "2d31e24faeeb97e70d7f19033ccff2f843f8c892" }, { "introduced": "0" }, { "last_affected": "2d31e24faeeb97e70d7f19033ccff2f843f8c892" }, { "introduced": "0" }, { "last_affected": "f84a64d6683176f3ffb57fa262f3035b69781f2f" }, { "introduced": "0" }, { "last_affected": "f84a64d6683176f3ffb57fa262f3035b69781f2f" } ], "repo": "https://github.com/wso2/product-apim", "type": "GIT" } ] } ], "details": "An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.\n\nA successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.", "id": "CVE-2025-10713", "modified": "2026-03-10T21:53:32.954245849Z", "published": "2025-11-05T18:15:32.247Z", "references": [ { "type": "ADVISORY", "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" } ] }