Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-13475
Received
More InfoOfficial Page
Source-ed10eef1-636d-4fbe-9993-6890dfa878f8
View Known Exploited Vulnerability (KEV) details
Published At-04 Jul, 2026 | 13:16
Updated At-04 Jul, 2026 | 13:16

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-288Secondaryed10eef1-636d-4fbe-9993-6890dfa878f8
CWE ID: CWE-288
Type: Secondary
Source: ed10eef1-636d-4fbe-9993-6890dfa878f8
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/ed10eef1-636d-4fbe-9993-6890dfa878f8
N/A
Hyperlink: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/
Source: ed10eef1-636d-4fbe-9993-6890dfa878f8
Resource: N/A
Change History
0Changes found

Details not found