WSO2 Patches Critical Flaws in API, Identity Tools

WSO2 has issued critical security advisories to address two severe access control vulnerabilities, CVE-2025-9804 and CVE-2025-10611, impacting its API Manager and Identity Server products. The company moved quickly after identifying the flaws, which could allow unauthorized access to sensitive enterprise systems. The patches aim to prevent potential exploitation in production environments.

The vulnerabilities affect multiple product versions and pose significant risk to organizations relying on WSO2 for API management and identity services. Security researchers flagged the issues as high-priority due to the potential for privilege escalation and unauthorized system control. WSO2 patched the critical flaws and urged users to upgrade immediately to secure their deployments.

In addition to CVE-2025-9804 and CVE-2025-10611, the advisory also references other issues, including CVE-2025-11371 and CVE-2025-61882. Users can find detailed patch instructions and mitigation steps on the official advisory page.

WSO2 Fixes Two Critical Access Control Vulnerabilities (CVE-2025-9804, CVE-2025-10611) Affecting API Manager and Identity Server
