HIGH · CVE-2025-6670 · CVSS 8.8

Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services

Platform: java

Component: wso2-open-banking-am

Fixed in: 4.5.0.34, 4.6.0.1, 4.5.0.34, 4.6.0.1, 4.5.0.36, 4.6.0.1, 3.1.0.349, 3.2.0.453, 3.2.1.73, 4.0.0.373, 4.1.0.236, 4.2.0.176, 4.3.0.88, 4.4.0.52, 4.5.0.35, 4.6.0.1, 5.10.0.378, 5.11.0.425, 6.0.0.252, 6.1.0.253, 7.0.0.130, 7.1.0.38, 7.2.0.1, 5.10.0.369, 6.6.0.226, 4.5.3.50, 4.6.0.2253, 4.6.1.157, 4.6.2.673, 4.6.3.41, 4.6.4.22, 4.7.1.73, 4.8.1.43, 4.9.0.106, 4.9.26.31, 4.9.27.16, 4.9.28.18, 4.9.33.2, 4.10.9.75, 4.10.42.18, 4.10.101.3

AI Confidence: medium · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2025-6670 describes a Cross-Site Request Forgery (CSRF) vulnerability found in WSO2 Open Banking AM. This vulnerability allows an attacker to potentially manipulate an authenticated user's session and perform unauthorized actions within the admin services. The issue stems from the use of HTTP GET requests for state-changing operations, bypassing the effectiveness of the SameSite cookie attribute. Affected versions include those prior to 7.2.0.1, and a fix is available in version 7.2.0.1.


Impact and Attack Scenarios

An attacker can exploit this CSRF vulnerability by crafting a malicious link and enticing an authenticated user to click it. Upon clicking, the user's browser will unknowingly send a request to the WSO2 Open Banking AM server, executing the attacker's intended action. This could involve modifying configurations, creating or deleting users, or performing other administrative tasks without the user's explicit consent. The potential impact is significant, as a successful exploit could lead to unauthorized access and control over the WSO2 Open Banking AM instance, potentially compromising sensitive data and disrupting services. The reliance on GET requests for state changes, despite the presence of SameSite cookies, is the root cause, making this a particularly concerning vulnerability.

Exploitation Context

CVE-2025-6670 was publicly disclosed on 2025-11-18. Because the affected admin operations are triggered by GET requests, the SameSite cookie attribute does not prevent a cross-site request from carrying the victim's session. Currently, there are no publicly available proof-of-concept exploits, but the vulnerability's ease of exploitation makes it a potential target for opportunistic attackers. It is not currently listed on the CISA KEV catalog. The CVSS score of 8.8 (HIGH) reflects the potential for significant impact.

Who Is at Risk

Organizations utilizing WSO2 Open Banking AM in production environments, particularly those with legacy configurations or shared hosting environments, are at risk. Environments where admin access is not adequately restricted or monitored are especially vulnerable. Any deployment relying on older, unpatched versions of WSO2 Open Banking AM is potentially exposed.

Detection Steps

• linux / server: Monitor WSO2 Open Banking AM access logs for unusual GET requests to admin endpoints. Use journalctl to filter for errors related to authentication or authorization.

journalctl -u wso2am -f | grep "CSRF"

• generic web: Use curl to test for CSRF vulnerabilities on admin endpoints. Check response headers for unexpected behavior after submitting a request. Note that curl's -b option takes the cookie string itself (NAME=VALUE), not a "Cookie:" header prefix.

curl -v 'https://wso2am/admin/endpoint?param=value' -b 'SESSIONID=...'

• java: Examine WSO2 Open Banking AM code for instances where GET requests are used for state-changing operations. Look for patterns where user input is directly used in the request without proper validation.
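As an added illustration of the first detection step (this is example code, not from the original page and not WSO2's own tooling), the following Python script parses combined-format access-log lines and flags GET requests to admin service paths that arrive with a cross-site or missing Referer, or that carry a write-like parameter value. The sample log lines, the /services/ path prefix, the host name wso2am.example.com and the list of write-like verbs are all constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Tomcat "combined" access-log format.
# They are invented for this example and do not come from a real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Nov/2025:10:01:02 +0000] "POST /services/UserAdmin HTTP/1.1" 200 512 "https://wso2am.example.com/carbon/user/add.jsp" "Mozilla/5.0"
10.0.0.5 - - [18/Nov/2025:10:01:09 +0000] "GET /carbon/admin/login.jsp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [18/Nov/2025:10:02:30 +0000] "GET /services/UserAdmin?action=deleteUser&userName=alice HTTP/1.1" 200 311 "https://attacker.invalid/lure.html" "Mozilla/5.0"
10.0.0.7 - - [18/Nov/2025:10:02:31 +0000] "GET /services/ServerAdmin?action=restart HTTP/1.1" 200 120 "-" "Mozilla/5.0"
10.0.0.9 - - [18/Nov/2025:10:03:00 +0000] "GET /services/UserAdmin?action=listUsers HTTP/1.1" 200 900 "https://wso2am.example.com/carbon/user/index.jsp" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumption: admin services are served under /services/ on this host.
ADMIN_PATH_PREFIXES = ("/services/",)
# Assumption: a constructed heuristic list of verbs that suggest a write.
STATE_CHANGE_HINTS = ("delete", "add", "create", "update", "remove", "restart", "set")


def parse_line(line):
    """Parse one combined-format line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query)
    return entry


def is_cross_site(referer, own_host):
    """True when the Referer is absent or names a host other than our own.
    A missing Referer is treated as suspicious because a navigation started
    from our own console would normally carry one."""
    if not referer or referer == "-":
        return True
    return urlsplit(referer).hostname != own_host


def looks_state_changing(query):
    """Heuristic: any query parameter value containing a write-like verb."""
    for values in query.values():
        for value in values:
            lowered = value.lower()
            if any(hint in lowered for hint in STATE_CHANGE_HINTS):
                return True
    return False


def find_suspicious_admin_gets(log_text, own_host):
    """Return one finding per GET to an admin path that trips either heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["method"] != "GET":
            continue
        if not entry["path"].startswith(ADMIN_PATH_PREFIXES):
            continue
        reasons = []
        if is_cross_site(entry["referer"], own_host):
            reasons.append("cross-site or missing Referer")
        if looks_state_changing(entry["query"]):
            reasons.append("write-like parameter in query string")
        if reasons:
            findings.append({"ip": entry["ip"], "time": entry["time"],
                             "target": entry["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_admin_gets(SAMPLE_LOG, "wso2am.example.com"):
        print(finding["time"], finding["ip"], finding["target"], "|", "; ".join(finding["reasons"]))
```

Run against a real access log by replacing SAMPLE_LOG with the file contents and own_host with the console's host name. Both heuristics are deliberately loose: a same-origin GET that lists users is not flagged, while a GET that names a write-like action is flagged even when the Referer looks local, since the point of the advisory is that state changes over GET should not happen at all.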

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.04% (10th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

Threat intelligence · CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H · 8.8 HIGH

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (level of authentication required)
User Interaction: Required (whether the victim must take an action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of exposing sensitive data)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions. The attacker can exploit reliably.
Privileges Required
None: no authentication needed to exploit.
User Interaction
Required: the victim must open a file, click a link, or visit a page.
Scope
Unchanged: impact limited to the vulnerable component.
Confidentiality
High: total loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify, or delete any data.
Availability
High: complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: wso2-open-banking-am
Vendor: WSO2

Affected range             Fixed in
4.5.0 – 4.5.0.34           4.5.0.34
4.6.0 – 4.6.0.1            4.6.0.1
4.5.0 – 4.5.0.34           4.5.0.34
4.6.0 – 4.6.0.1            4.6.0.1
4.5.0 – 4.5.0.36           4.5.0.36
4.6.0 – 4.6.0.1            4.6.0.1
3.1.0 – 3.1.0.349          3.1.0.349
3.2.0 – 3.2.0.453          3.2.0.453
3.2.1 – 3.2.1.73           3.2.1.73
4.0.0 – 4.0.0.373          4.0.0.373
4.1.0 – 4.1.0.236          4.1.0.236
4.2.0 – 4.2.0.176          4.2.0.176
4.3.0 – 4.3.0.88           4.3.0.88
4.4.0 – 4.4.0.52           4.4.0.52
4.5.0 – 4.5.0.35           4.5.0.35
4.6.0 – 4.6.0.1            4.6.0.1
5.10.0 – 5.10.0.378        5.10.0.378
5.11.0 – 5.11.0.425        5.11.0.425
6.0.0 – 6.0.0.252          6.0.0.252
6.1.0 – 6.1.0.253          6.1.0.253
7.0.0 – 7.0.0.130          7.0.0.130
7.1.0 – 7.1.0.38           7.1.0.38
7.2.0 – 7.2.0.1            7.2.0.1
5.10.0 – 5.10.0.369        5.10.0.369
6.6.0 – 6.6.0.226          6.6.0.226
4.5.3 – 4.5.3.50           4.5.3.50
4.6.0 – 4.6.0.2253         4.6.0.2253
4.6.1 – 4.6.1.157          4.6.1.157
4.6.2 – 4.6.2.673          4.6.2.673
4.6.3 – 4.6.3.41           4.6.3.41
4.6.4 – 4.6.4.22           4.6.4.22
4.7.1 – 4.7.1.73           4.7.1.73
4.8.1 – 4.8.1.43           4.8.1.43
4.9.0 – 4.9.0.106          4.9.0.106
4.9.26 – 4.9.26.31         4.9.26.31
4.9.27 – 4.9.27.16         4.9.27.16
4.9.28 – 4.9.28.18         4.9.28.18
4.9.33 – 4.9.33.2          4.9.33.2
4.10.9 – 4.10.9.75         4.10.9.75
4.10.42 – 4.10.42.18       4.10.42.18
4.10.101 – 4.10.101.3      4.10.101.3

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-6670 is to upgrade WSO2 Open Banking AM to version 7.2.0.1 or later, which includes the fix for this vulnerability. If an immediate upgrade is not feasible, consider implementing temporary workarounds to reduce the attack surface. These may include restricting access to admin services to trusted networks, implementing stricter input validation on all admin endpoints, and carefully reviewing any third-party integrations that interact with the admin console. While SameSite cookies are present, their ineffectiveness in this scenario highlights the importance of using POST requests for state-changing operations. After upgrading, confirm the fix by attempting to trigger a CSRF attack and verifying that the request is blocked or ignored.
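To make the root cause and the recommended fix concrete, here is an added Python example (not WSO2 code and not from the original page) that contrasts an admin handler accepting a state-changing operation over GET with a hardened version that requires POST, checks that the Origin or Referer is the console's own origin, and verifies a per-session synchronizer token in constant time. The endpoint path, the userName and csrf_token parameter names, the JSESSIONID cookie name and ALLOWED_ORIGIN are assumptions made for this example; the requests it feeds to the handlers are constructed in run_scenarios().

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumption for this example: the admin console's own origin.
ALLOWED_ORIGIN = "https://wso2am.example.com"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    path: str
    query: dict = field(default_factory=dict)    # URL query parameters
    form: dict = field(default_factory=dict)     # POST body fields
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class SessionStore:
    """Server-side sessions; each one carries its own random synchronizer token."""
    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)


def delete_user_vulnerable(req, sessions, users):
    """Before: the only proof of intent is the session cookie, and the operation
    runs on GET. A SameSite=Lax cookie is still attached to a top-level GET
    navigation, so a link on a third-party page is enough to trigger it."""
    sess = sessions.get(req.cookies.get("JSESSIONID", ""))
    if sess is None:
        return 401, "not authenticated"
    target = req.query.get("userName")
    if target not in users:
        return 404, "no such user"
    users.discard(target)
    return 200, f"deleted {target}"


def _same_origin(req):
    """Accept only requests whose Origin (or, failing that, Referer) is our own."""
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    return origin == ALLOWED_ORIGIN or origin.startswith(ALLOWED_ORIGIN + "/")


def delete_user_hardened(req, sessions, users):
    """After: POST only, same-origin check, and a constant-time token comparison."""
    if req.method != "POST":
        return 405, "state-changing operations require POST"
    sess = sessions.get(req.cookies.get("JSESSIONID", ""))
    if sess is None:
        return 401, "not authenticated"
    if not _same_origin(req):
        return 403, "cross-origin request rejected"
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    target = req.form.get("userName")
    if target not in users:
        return 404, "no such user"
    users.discard(target)
    return 200, f"deleted {target}"


def run_scenarios():
    """Run both handlers against the same session; returns status codes per case."""
    sessions = SessionStore()
    sid = sessions.create("admin")
    cookie = {"JSESSIONID": sid}
    # A browser following a link from an unrelated site: GET with a foreign
    # Referer, session cookie still attached (SameSite=Lax allows top-level GET).
    cross_site_get = Request("GET", "/services/UserAdmin",
                             query={"action": "deleteUser", "userName": "alice"},
                             headers={"Referer": "https://third-party.invalid/page.html"},
                             cookies=cookie)
    cross_site_post = Request("POST", "/services/UserAdmin", form={"userName": "alice"},
                              headers={"Origin": "https://third-party.invalid"}, cookies=cookie)
    same_origin_no_token = Request("POST", "/services/UserAdmin", form={"userName": "alice"},
                                   headers={"Origin": ALLOWED_ORIGIN}, cookies=cookie)
    legit_post = Request("POST", "/services/UserAdmin",
                         form={"userName": "alice", "csrf_token": sessions.get(sid)["csrf"]},
                         headers={"Origin": ALLOWED_ORIGIN}, cookies=cookie)
    results = {}
    users_v = {"alice", "bob"}
    results["vulnerable_cross_site_get"] = delete_user_vulnerable(cross_site_get, sessions, users_v)[0]
    results["vulnerable_remaining"] = sorted(users_v)
    users_h = {"alice", "bob"}
    results["hardened_cross_site_get"] = delete_user_hardened(cross_site_get, sessions, users_h)[0]
    results["hardened_cross_site_post"] = delete_user_hardened(cross_site_post, sessions, users_h)[0]
    results["hardened_same_origin_no_token"] = delete_user_hardened(same_origin_no_token, sessions, users_h)[0]
    results["hardened_legit_post"] = delete_user_hardened(legit_post, sessions, users_h)[0]
    results["hardened_remaining"] = sorted(users_h)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenarios().items():
        print(f"{case}: {outcome}")
```

The vulnerable handler deletes the user on the cross-site GET because the session cookie alone is accepted as authorization. The hardened handler rejects the same request on method alone, rejects a cross-origin POST on the origin check, and rejects a same-origin POST that lacks the token, so only the console's own form (POST, own origin, valid token) succeeds. This is the layered version of the advisory's advice: moving state changes to POST restores the protection SameSite=Lax offers, the origin check covers browsers that send no SameSite default, and the token covers everything else.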

How to fix

Update to the latest version of WSO2 Open Banking AM that contains the fix for the CSRF vulnerability. Make sure the Carbon console services are not exposed to untrusted networks, following the WSO2 Secure Production Guidelines.


Frequently Asked Questions

What is CVE-2025-6670 — CSRF in WSO2 Open Banking AM?

CVE-2025-6670 is a Cross-Site Request Forgery (CSRF) vulnerability in WSO2 Open Banking AM versions prior to 7.2.0.1, allowing attackers to perform unauthorized actions via crafted links.

Am I affected by CVE-2025-6670 in WSO2 Open Banking AM?

Yes, if you are running WSO2 Open Banking AM versions earlier than 7.2.0.1, you are potentially affected by this CSRF vulnerability.

How do I fix CVE-2025-6670 in WSO2 Open Banking AM?

Upgrade WSO2 Open Banking AM to version 7.2.0.1 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.

Is CVE-2025-6670 being actively exploited?

While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target for attackers.

Where can I find the official WSO2 advisory for CVE-2025-6670?

Refer to the official WSO2 security advisory for detailed information and updates regarding CVE-2025-6670: [https://wso2.com/en/security/vulnerabilities/cve-2025-6670/](https://wso2.com/en/security/vulnerabilities/cve-2025-6670/)
