What is CVE-2025-10470?

CVE-2025-10470 is a high-severity vulnerability in Wso2 Identity_server, classified under Uncontrolled Resource Consumption. CVSS score: 8.6/10. Published 2026-05-11.

How severe is CVE-2025-10470?

High severity. CVSS v3 base score is 8.6 out of 10.

Resource exhaustion in Wso2 Identity_server

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service cond…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Wso2 Identity_server
Wso2 Carbon Magiclink Authenticator Module — versions 1.1.22, 1.1.31
Wso2 Identity Server — versions 7.0.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

ed10eef1-636d-4fbe-9993-6890dfa878f8 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2025-10470?: CVE-2025-10470 is a high-severity vulnerability in Wso2 Identity_server, classified under Uncontrolled Resource Consumption. CVSS score: 8.6/10. Published 2026-05-11.
How severe is CVE-2025-10470?: High severity. CVSS v3 base score is 8.6 out of 10.