
CVE-2025-10713: CWE-611 Improper Restriction of XML External Entity Reference in WSO2 WSO2 Enterprise Integrator

Medium
Tags: Vulnerability, CVE-2025-10713, CWE-611
Published: Wed Nov 05 2025 (11/05/2025, 17:18:24 UTC)
Source: CVE Database V5
Vendor/Project: WSO2
Product: WSO2 Enterprise Integrator

Description

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.

AI-Powered Analysis

AI analysis last updated: 11/05/2025, 17:39:16 UTC

Technical Analysis

CVE-2025-10713 is an XML External Entity (XXE) vulnerability identified in WSO2 Enterprise Integrator version 6.6.0. The root cause is improper restriction of XML external entity references caused by a misconfigured XML parser within the product: when processing user-supplied XML input, the application does not adequately restrict or disable external entity resolution, a well-known XXE attack vector. The vulnerability is categorized under CWE-611 (Improper Restriction of XML External Entity Reference), a common and critical XML parsing weakness.

The analysis attributes exploitation to a remote attacker with authenticated, privileged access who submits crafted XML that causes the parser to resolve external entities. Successful exploitation can lead to unauthorized disclosure of sensitive files on the server filesystem, such as configuration files, credentials, or other sensitive data. Attackers can also trigger denial-of-service (DoS) conditions by causing the parser to enter infinite loops or consume excessive resources through crafted XML entities. No user interaction is required.

The CVSS v3.1 base score is 6.5 (medium severity), reflecting high impact on confidentiality and availability and no impact on integrity. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly. Given WSO2 Enterprise Integrator's role in enterprise application integration, this vulnerability could be leveraged to compromise sensitive enterprise data or disrupt critical integration services.

Potential Impact

For European organizations, the impact of CVE-2025-10713 can be significant, especially for those relying on WSO2 Enterprise Integrator 6.6.0 for critical business processes, data integration, or service orchestration. Successful exploitation could lead to unauthorized disclosure of sensitive internal files, including credentials, configuration data, or intellectual property, potentially facilitating further attacks or data breaches. The denial-of-service aspect could disrupt business operations by rendering integration services unavailable, affecting downstream applications and services that depend on these integrations. Sectors such as finance, manufacturing, telecommunications, and public services, where WSO2 products are used, could be affected. The requirement for attacker authentication reduces the risk somewhat but does not eliminate it, since insider threats or compromised credentials could be leveraged. The medium severity rating indicates that the vulnerability, while serious, is not trivially exploitable by unauthenticated attackers; the confidentiality and availability impacts nonetheless warrant timely remediation. The current lack of known exploits in the wild reduces immediate risk but does not preclude future exploitation attempts.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Immediately verify whether WSO2 Enterprise Integrator version 6.6.0 is in use and identify all instances exposed to internal or external users.
2) Apply any available patches or updates from WSO2 addressing this vulnerability as soon as they are released. Since no patch links are currently provided, monitor WSO2 advisories closely.
3) If patching is not immediately possible, harden the XML parser configuration by disabling external entity resolution and DTD processing in all XML parsers used by the product, following WSO2 security guidelines.
4) Restrict access to the affected systems to trusted users only and enforce strong authentication and authorization controls, since exploitation requires an authenticated attacker.
5) Monitor logs for suspicious XML parsing errors or unusual file access patterns that could indicate exploitation attempts.
6) Conduct internal audits to ensure no sensitive files are unnecessarily readable by the application process.
7) Employ network segmentation to isolate integration servers from less trusted networks.
8) Educate developers and administrators about secure XML processing practices to prevent similar issues in custom integrations.

These steps go beyond generic advice by focusing on immediate configuration changes, access controls, and monitoring tailored to the WSO2 environment.


Technical Details

Data Version
5.2
Assigner Short Name
WSO2
Date Reserved
2025-09-19T06:15:37.907Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 690b8b09ffac907e5bf4a9f7

Added to database: 11/5/2025, 5:36:09 PM

Last enriched: 11/5/2025, 5:39:16 PM

Last updated: 11/6/2025, 9:26:04 AM

