CVE-2025-9804 — An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user — CVE Database · The Intelligence Room