cvedb.io
CVE-2025-8154
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-05-11T10:16:12.863 · Last modified 2026-06-17T10:06:24.420

Summary

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.

Affected products

wso2 — api_control_plane

Does this affect you?

Add your gear to cvedb and we'll alert you only when wso2 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.