CVE-2025-14914Path Traversal in IBM Websphere Application Server Liberty

CWE-22Path Traversal4 documents4 sources
Severity
7.6HIGHNVD
EPSS
0.0%
top 97.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application Server LibertyIBM Websphere Application Server
Timeline
PublishedFeb 2

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5ibm/websphere_application_server_liberty17.0.0.326.0.0.1
NVDibm/websphere_application_server17.0.0.326.0.0.1

🔴Vulnerability Details

2
CVEList
IBM WebSphere Application Server Liberty Path Traversal2026-02-02
GHSA
GHSA-3ggc-v7xp-4343: IBM WebSphere Application Server Liberty 172026-02-02

🕵️Threat Intelligence

1
Wiz
CVE-2025-14914 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-14914 — Path Traversal in IBM | cvebase