Platform: java
Component: wso2-micro-integrator
Fixed in:
4.0.0.145
4.1.0.147
4.2.0.141
4.3.0.42
4.4.0.27
3.1.0.345
3.2.0.446
3.2.1.66
4.0.0.366
4.1.0.228
4.2.0.169
4.3.0.81
4.4.0.45
4.5.0.28
6.6.0.224
4.5.0.27
4.5.0.29
4.5.0.27
2.0.0.414
2.0.0.394
5.10.0.365
2.1.7.wso2v227_99
2.1.7.wso2v271_88
2.1.7.wso2v143_121
2.1.7.wso2v319_13
2.1.7.wso2v183_72
4.0.0.wso2v119_27
4.0.0.wso2v20_93
4.0.0.wso2v215_26
4.0.0.wso2v218_1
4.0.0.wso2v105_13
4.0.0.wso2v131_5
CVE-2025-11093 describes a remote code execution (RCE) vulnerability affecting WSO2 Micro Integrator. It allows authenticated users with elevated privileges to execute arbitrary code within the integration runtime environment, potentially leading to complete system compromise. The vulnerability impacts versions 0.0.0 through 6.6.0.224, and a fix is available in version 6.6.0.224.
The impact of CVE-2025-11093 is significant due to the potential for arbitrary code execution. An attacker who has successfully authenticated and obtained elevated privileges within WSO2 Micro Integrator can leverage this vulnerability to execute malicious code on the server. This could involve installing malware, stealing sensitive data, modifying system configurations, or establishing persistent access. The blast radius extends to any data processed by the integration runtime, and the attacker could potentially pivot to other systems within the network if the Micro Integrator instance has access to them. The vulnerability's reliance on authenticated access, while limiting initial exploitation, makes it particularly concerning in environments with compromised user accounts or weak privilege management.
CVE-2025-11093 was publicly disclosed on 2025-11-05. The vulnerability is considered to have a medium exploitation probability because it requires authenticated, privileged access. No public proof-of-concept exploits had been released at the time of writing, but the nature of the vulnerability suggests that such exploits are likely to emerge. The vulnerability has not yet been added to the CISA KEV catalog.
Organizations utilizing WSO2 Micro Integrator for integration workflows, particularly those with complex privilege structures or legacy configurations, are at risk. Shared hosting environments where multiple users have administrative access to the WSO2 Micro Integrator instance are also particularly vulnerable.
• linux / server:
journalctl -u wso2mi -g "GraalJS" -g "NashornJS"
• generic web:
curl -I http://<wso2mi_host>/scripting/evaluate
• java / supply-chain: Check for unusual process executions related to GraalJS or NashornJS within the WSO2 Micro Integrator runtime environment. Monitor system logs for errors or warnings related to script execution.
Exploit status
EPSS: 0.23% (percentile 46%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-11093 is to upgrade WSO2 Micro Integrator to version 6.6.0.224 or later, which contains the fix. If immediate upgrading is not possible, consider restricting access to the GraalJS and NashornJS Script Mediator engines to only trusted administrators. Implement strict input validation and sanitization for any data passed to these scripting engines. Review user privileges and ensure the principle of least privilege is enforced. Monitor logs for suspicious activity related to script execution. After upgrading, confirm the fix by attempting to execute a known malicious script and verifying that it is blocked.
Upgrade to the latest version of WSO2 Micro Integrator, WSO2 Enterprise Integrator or WSO2 API Manager that contains the fix for this vulnerability. Consult the WSO2 security advisory for specific details on the fixed versions and the upgrade steps.
CVE-2025-11093 is a Remote Code Execution vulnerability in WSO2 Micro Integrator versions 0.0.0 - 6.6.0.224, allowing authenticated, privileged users to execute arbitrary code.
If you are running WSO2 Micro Integrator versions 0.0.0 through 6.6.0.224 and have users with elevated privileges, you are potentially affected by this vulnerability.
Upgrade WSO2 Micro Integrator to version 6.6.0.224 or later. As a temporary workaround, restrict access to the GraalJS and NashornJS Script Mediator engines.
While no public exploits are currently known, the vulnerability's nature suggests exploitation is likely. Monitor your systems closely.
Refer to the official WSO2 security advisory for detailed information and updates: [https://wso2.com/security/vulnerability/CVE-2025-11093/](https://wso2.com/security/vulnerability/CVE-2025-11093/)