CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-13475

lowCVSS 3.5covered by 2 sourcesfirst seen 2026-07-04
A remote, authenticated attacker can exploit a vulnerability in WSO2 API Manager to disclose information.

CSIRTS triage

What
A vulnerability in WSO2 API Manager allows for information disclosure by an authenticated attacker.
Who is affected
Authenticated users of WSO2 API Manager.
Urgency
Remediation is necessary due to the low severity of the vulnerability.
Action
Users should apply the necessary updates to mitigate this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-13475

Get an email if CVE-2025-13475 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2025-13475

CVE.org record

Embed the live status

CVE-2025-13475 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-13475 status](https://www.csirts.com/badge/CVE-2025-13475)](https://www.csirts.com/cve/CVE-2025-13475)