NVD/NIST · CVE-2025-9973
WSO2 Identity Server Flaw Disclosed
Published May 11, 2026 at 12:16 PM · medium
What happened
A medium-severity vulnerability (CVE-2025-9973) in WSO2 Identity Server lets an attacker with admin rights in one organization run adaptive authentication logic against other organizations in the same deployment, breaking tenant isolation. This puts multi-tenant WSO2 customers at risk of cross-org privilege escalation and account takeover. Administrators should apply WSO2's patch, audit adaptive authentication scripts, and review access logs across organizations.
Tags
#wso2 #cve-2025-9973 #identity #privilege-escalation #authentication-bypass
Source reference
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/