A vulnerability was found in WSO2 API Control Plane, Universal Gateway, Traffic Manager, API Manager, Carbon API Management Implementation and Carbon API Manager Rest API Utility . It has been declared as critical . Affected is an unknown function of the component Gateway API . The manipulation results in preservation of permissions. This vulnerability is reported as CVE-2025-8325 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.