GHSA-fvfq-q238-j7j3: WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities.

A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server’s filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.


CVE-2025-10713

Moderate severity • GitHub Reviewed • Published Nov 5, 2025 to the GitHub Advisory Database • Updated Nov 6, 2025

Package

org.wso2.carbon.mediation:org.wso2.carbon.localentry (Maven)

Affected versions

< 4.7.259
