a cool code analysis path on how to arrive at the parser's vulnerable function: https://infosec.exchange/@_r_netsec/115450903679941887

#XXEi #XXEinjection

/r/netsec (@_r_netsec@infosec.exchange)

404 to arbitrary file read in WSO2 API Manager (CVE-2025-2905) https://crnkovic.dev/wso2-404-to-arbitrary-file-read/
