CVE-2025-10907 — An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative — CVE Database · The Intelligence Room