CVE-2025-8154

Published: Mag 11, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: ed10eef1-636d-4fbe-9993-6890dfa878f8

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.

By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control Other Integrity Non-Repudiation

Potential Impacts:

Read Application Data Bypass Protection Mechanism Alter Execution Logic Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://security.docs.wso2.com/en/latest/security-announcem…

https://security.docs.wso2.com/en/latest/security-announcements/security-adviso…

CVE-2025-8154

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter