CVE-2025-10470 – WSO2 Identity Server

CVSS 8.6 IMPORTANT

“If identity systems fail, attackers don’t just get in—they become you.”

This patch addresses CVE-2025-10470, a High severity vulnerability in WSO2 Identity Server that affects authentication and access control mechanisms. The CVSS score is 8.6. The issue could allow attackers to bypass security controls or gain unauthorized access to identity services, potentially impacting user authentication flows and sensitive identity data.

No verified exploitation has been confirmed. However, as a central identity provider, any compromise could cascade across connected applications and services, increasing the overall risk to enterprise environments.

Key Details

Affected Product: WSO2 Identity Server
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-400