CVE-2025-14917Use of Default Password in IBM Websphere Application Server

CWE-1393Use of Default Password4 documents4 sources
Severity
9.8CRITICALNVD
CNA6.7
EPSS
0.0%
top 89.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application ServerIBM Websphere Application Server Liberty
Timeline
PublishedMar 25

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/websphere_application_server_liberty17.0.0.326.0.0.3
NVDibm/websphere_application_server17.0.0.326.0.0.4

🔴Vulnerability Details

2
GHSA
GHSA-436f-fmh9-32gq: IBM WebSphere Application Server - Liberty 172026-03-25
CVEList
IBM WebSphere Application Server Liberty could provide weaker than expected security2026-03-25

🕵️Threat Intelligence

1
Wiz
CVE-2025-14917 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-14917 — Use of Default Password in IBM | cvebase