CVE-2025-9152

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint.

A malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.

More information : https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/