CVE-2025-2905 (GCVE-0-2025-2905)
Vulnerability from cvelistv5
Published
2025-05-05 09:02
Modified
2025-10-16 11:39
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Summary
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
References
Impacted products
Vendor Product Version
WSO2 WSO2 API Manager Version: 0   < 2.0.0
Version: 2.1.0   <
Version: 2.2.0   <
Version: 2.5.0   <
Version: 2.6.0   <
Version: 3.0.0   <
Version: 3.1.0   <
Version: 4.0.0   < 4.0.0.311
Version: 4.1.0   < 4.1.0.152
Version: 4.2.0   < 4.2.0.122
 Create a notification for this product.
   WSO2 WSO2 Enterprise Integrator Version: 6.0.0   <
Version: 6.1.0   <
Version: 6.1.1   <
Version: 6.2.0   <
Version: 6.3.0   <
Version: 6.4.0   <
Version: 6.5.0   <
Version: 6.6.0   <
Create a notification for this product.
   WSO2 WSO2 Enterprise Service Bus Version: 4.9.0   <
Version: 5.0.0   <
Create a notification for this product.
   WSO2 WSO2 Micro integrator Version: 1.0.0   <
Version: 1.1.0   <
Version: 1.2.0   < 1.2.0.162
Version: 4.0.0   < 4.0.0.132
Version: 4.1.0   < 4.1.0.115
Version: 4.2.0   < 4.2.0.112
 Create a notification for this product.
   WSO2 WSO2 Open Banking AM Version: 1.5.0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-05T12:44:33.257401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T12:45:10.518Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 API Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.1.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.5.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.6.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0.311",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.152",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.0.122",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Enterprise Integrator",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "6.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.1.1",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Enterprise Service Bus",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "4.9.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "4.9.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Micro integrator",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "1.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "1.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.2.0.162",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0.132",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.115",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.0.112",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Open Banking AM",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "1.5.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "1.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "crnkovic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.\u003cbr\u003e\u003cbr\u003eA successful XXE attack could allow a remote, unauthenticated attacker to:\u003cbr\u003e\u003cul\u003e\u003cli\u003eRead sensitive files from the server\u2019s filesystem.\u003c/li\u003e\u003cli\u003ePerform denial-of-service (DoS) attacks, which can render the affected service unavailable.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.\n\nA successful XXE attack could allow a remote, unauthenticated attacker to:\n  *  Read sensitive files from the server\u2019s filesystem.\n  *  Perform denial-of-service (DoS) attacks, which can render the affected service unavailable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T11:39:21.741Z",
        "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "shortName": "WSO2"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Follow the instructions given on\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/#solution\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3...\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "Follow the instructions given on\u00a0 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/#solution"
        }
      ],
      "source": {
        "advisory": "WSO2-2025-3993",
        "discovery": "EXTERNAL"
      },
      "title": "An XML External Entity (XXE) vulnerability in Multiple WSO2 Products",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
    "assignerShortName": "WSO2",
    "cveId": "CVE-2025-2905",
    "datePublished": "2025-05-05T09:02:01.489Z",
    "dateReserved": "2025-03-28T08:46:09.062Z",
    "dateUpdated": "2025-10-16T11:39:21.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2905\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2025-05-05T09:15:15.923\",\"lastModified\":\"2025-10-16T12:15:47.167\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.\\n\\nA successful XXE attack could allow a remote, unauthenticated attacker to:\\n  *  Read sensitive files from the server\u2019s filesystem.\\n  *  Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de Entidad Externa XML (XXE) en el componente de puerta de enlace de WSO2 API Manager debido a una validaci\u00f3n insuficiente de la entrada XML en rutas URL manipulada. El XML proporcionado por el usuario se analiza sin las restricciones adecuadas, lo que permite la resoluci\u00f3n de entidades externas. Esta vulnerabilidad puede ser explotada por un atacante remoto no autenticado para leer archivos del sistema de archivos del servidor o realizar ataques de denegaci\u00f3n de servicio (DoS). * En sistemas con JDK 7 o versiones anteriores de JDK 8, el contenido completo de los archivos puede quedar expuesto. * En versiones posteriores de JDK 8 y posteriores, solo se puede leer la primera l\u00ednea de un archivo, gracias a mejoras en el comportamiento del analizador XML. * Los ataques DoS, como los payloads \\\"Billion Laughs\\\", pueden causar interrupciones del servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0\",\"matchCriteriaId\":\"D867B74E-5FA8-46AF-86D2-FFD478CD5ACC\"}]}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2905\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-05T12:44:33.257401Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T12:44:38.267Z\"}}], \"cna\": {\"title\": \"An XML External Entity (XXE) vulnerability in Multiple WSO2 Products\", \"source\": {\"advisory\": \"WSO2-2025-3993\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"crnkovic\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WSO2\", \"product\": \"WSO2 API Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.2.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.5.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"2.6.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.0.311\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.0.152\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"lessThan\": \"4.2.0.122\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Enterprise Integrator\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"6.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.1.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.3.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.5.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Enterprise Service Bus\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"4.9.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.9.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Micro integrator\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"1.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.1.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.2.0\", \"lessThan\": \"1.2.0.162\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.0.132\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.0.115\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"lessThan\": \"4.2.0.112\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WSO2\", \"product\": \"WSO2 Open Banking AM\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"1.5.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Follow the instructions given on\\u00a0 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/#solution\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Follow the instructions given on\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/#solution\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3...\u003c/a\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3993/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.\\n\\nA successful XXE attack could allow a remote, unauthenticated attacker to:\\n  *  Read sensitive files from the server\\u2019s filesystem.\\n  *  Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.\u003cbr\u003e\u003cbr\u003eA successful XXE attack could allow a remote, unauthenticated attacker to:\u003cbr\u003e\u003cul\u003e\u003cli\u003eRead sensitive files from the server\\u2019s filesystem.\u003c/li\u003e\u003cli\u003ePerform denial-of-service (DoS) attacks, which can render the affected service unavailable.\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2025-10-16T11:39:21.741Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2905\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-16T11:39:21.741Z\", \"dateReserved\": \"2025-03-28T08:46:09.062Z\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"datePublished\": \"2025-05-05T09:02:01.489Z\", \"assignerShortName\": \"WSO2\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.