What is CVE-2025-10713?

CVE-2025-10713 is a medium-severity vulnerability in Wso2 Org.wso2.carbon.mediation:org.wso2.carbon.localentry, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2025-11-05.

How severe is CVE-2025-10713?

Medium severity. CVSS v3 base score is 6.5 out of 10.

XXE in Wso2 Org.wso2.carbon.mediation:org.wso2.carbon.localentry

CVE-2025-10713

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H.

Affected products

Wso2 Org.wso2.carbon.mediation:org.wso2.carbon.localentry — versions 4.7.30, 4.7.61, 4.7.99
Wso2 Api Control Plane — versions 4.5.0
Wso2 Api Manager — versions 0, 3.1.0, 3.2.0
Wso2 Enterprise Integrator — versions 0, 6.6.0
Wso2 Identity Server — versions 0, 5.10.0, 5.11.0
Wso2 Identity Server As Key Manager — versions 0, 5.10.0
Wso2 Open Banking Am — versions 0, 2.0.0
Wso2 Open Banking Iam — versions 0, 2.0.0
Wso2 Traffic Manager — versions 4.5.0
Wso2 Universal Gateway — versions 4.5.0

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/202… (vendor-advisory)

Frequently asked questions

What is CVE-2025-10713?: CVE-2025-10713 is a medium-severity vulnerability in Wso2 Org.wso2.carbon.mediation:org.wso2.carbon.localentry, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2025-11-05.
How severe is CVE-2025-10713?: Medium severity. CVSS v3 base score is 6.5 out of 10.