PatchSiren cyber security CVE debrief
CVE-2025-8591 WSO2 CVE debrief
The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can cause the user's browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking.
- Vendor
- WSO2
- Product
- WSO2 Identity Server
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-09
Who should care
Users of WSO2 API Manager, specifically those using versions 3.1.0 to 4.6.0, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and developers who manage or use WSO2 API Manager in their environments, as they need to assess the risk, apply patches or updates, and monitor for potential attacks. Additionally, operators and platform managers should review system configurations and ensure that httpOnly flags are set on session-related cookies to prevent session hijacking.
Technical summary
The CVE-2025-8591 vulnerability is a Cross-Site Scripting (XSS) issue in WSO2 API Manager. The vulnerability occurs due to inadequate output encoding of user-supplied input via a URL parameter. This allows an attacker to inject malicious script content into pages served by the application, potentially leading to unauthorized actions or data exposure. The vulnerability affects multiple versions of WSO2 API Manager, as well as other WSO2 products such as Identity Server, Traffic Manager, and Universal Gateway.
Defensive priority
Medium
Recommended defensive actions
- Apply patches or updates provided by WSO2 to address the vulnerability
- Implement additional security measures such as input validation and output encoding
- Monitor for suspicious activity and implement logging and incident response plans
- Consider implementing compensating controls such as Web Application Firewalls (WAFs)
- Review and update security configurations to ensure httpOnly flags are set on session-related cookies
Evidence notes
The CVE-2025-8591 vulnerability was identified in WSO2 API Manager. The vulnerability is caused by inadequate output encoding of user-supplied input via a URL parameter. The impact of this vulnerability is mitigated by the use of httpOnly flags on session-related cookies, which prevents session hijacking. However, other potential impacts include redirecting the user's browser to a malicious website or modifying the UI of the webpage.
Official resources
-
CVE-2025-8591 CVE record
CVE.org
-
CVE-2025-8591 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
ed10eef1-636d-4fbe-9993-6890dfa878f8 - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T11:16:25.713Z and has not been modified since then.