CVE-2025-14914 | THREATINT

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

PUBLISHED Reserved 2025-12-18 | Published 2026-02-02 | Updated 2026-02-03 | Assigner ibm

HIGH: 7.6CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-22

Product status

Default status

unaffected

17.0.0.3 (semver)

affected

References

www.ibm.com/support/pages/node/7258224 vendor-advisory patch

cve.org (CVE-2025-14914)

nvd.nist.gov (CVE-2025-14914)

Download JSON