What is CVE-2025-8325?

CVE-2025-8325 is a medium-severity vulnerability in Wso2 Api_control_plane, classified under Improper Preservation of Permissions. CVSS score: 6.3/10. Published 2026-05-11.

How severe is CVE-2025-8325?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Wso2 Api_control_plane

CVE-2025-8325

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Interna…

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Wso2 Api_control_plane
Wso2 Api_manager
Wso2 Traffic_manager
Wso2 Universal_gateway
Wso2 Api Control Plane — versions 4.5.0
Wso2 Api Manager — versions 0, 3.2.0, 3.2.1
Wso2 Carbon Api Management Implementation — versions 6.7.206, 6.7.210, 9.0.174
Wso2 Carbon Api Manager Rest Utility — versions 6.7.206, 6.7.210, 9.0.174
Wso2 Traffic Manager — versions 4.5.0
Wso2 Universal Gateway — versions 4.5.0

Weakness classification (CWE)

CWE-281 — Improper Preservation of Permissions

References

ed10eef1-636d-4fbe-9993-6890dfa878f8 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2025-8325?: CVE-2025-8325 is a medium-severity vulnerability in Wso2 Api_control_plane, classified under Improper Preservation of Permissions. CVSS score: 6.3/10. Published 2026-05-11.
How severe is CVE-2025-8325?: Medium severity. CVSS v3 base score is 6.3 out of 10.