- Description
- IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
- Products
- websphere_application_server
CVSS 3.1
- Type
- Primary
- Base score
- 7.6
- Impact score
- 6
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- psirt@us.ibm.com
- CWE-22
- Hype score
- Not currently trending
CVE-2025-14914 Path Traversal Vulnerability in IBM WebSphere Application Server Liberty Enabling Code Execution https://t.co/7uhm5A8u17
@VulmonFeeds
2 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14914 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting… https://t.co/9A4EoLgT1X
@CVEnew
2 Feb 2026
228 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PH69485:IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914 CVSS 7.6) https://t.co/JWxSnUqgY6
@knaepp
28 Jan 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
"matchCriteriaId": "03F862EB-478E-4D9A-AE4C-5E7042CC9A74",
"versionEndIncluding": "26.0.0.1",
"versionStartIncluding": "17.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]