
CVE-2025-14914

Severity: High
Published: 02 February 2026
Modified: 12 February 2026
KEV Added: not listed
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.4th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14914 is a high-severity path traversal (CWE-22) vulnerability in IBM WebSphere Application Server. Its CVSS v3.1 base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 5.4th percentile by exploit likelihood (EPSS), below the median, and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-14914 is a path traversal vulnerability (CWE-22) affecting IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1. Published on 2026-02-02, it allows a privileged user to upload a zip archive containing path traversal sequences, which can overwrite arbitrary files on the server and lead to arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with a changed scope.

Exploitation requires a high-privileged remote attacker (PR:H) who can interact with the server over the network (AV:N). The attack demands high attack complexity (AC:H) and user interaction (UI:R), such as an administrator approving or performing the upload of a specially crafted zip archive. Successful exploitation enables file overwrites outside the intended directory, culminating in arbitrary code execution on the server.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7258224, which provides details on the vulnerability, affected versions, and recommended mitigations or patches. Security practitioners should consult this advisory for specific remediation steps.

Vulnerability details

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal in a zip upload to a public-facing WebSphere application directly enables remote file overwrite, leading to arbitrary code execution (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-9311 (same product: IBM WebSphere Application Server)
CVE-2026-8633 (same product: IBM WebSphere Application Server)
CVE-2026-8620 (same product: IBM WebSphere Application Server)
CVE-2026-9330 (same product: IBM WebSphere Application Server)
CVE-2026-9319 (same product: IBM WebSphere Application Server)
CVE-2026-8644 (same product: IBM WebSphere Application Server)
CVE-2026-3621 (same product: IBM WebSphere Application Server)
CVE-2026-3366 (same vendor: IBM)
CVE-2025-36236 (same vendor: IBM)
CVE-2025-14923 (same product: IBM WebSphere Application Server)

Affected Assets

Vendor: IBM
Product: WebSphere Application Server
Versions: 17.0.0.3 through 26.0.0.1

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent (SI-2, Flaw Remediation): Requires timely patching and flaw remediation for the specific path traversal vulnerability in IBM WebSphere Liberty as advised by IBM.

Prevent (SI-10, Information Input Validation): Mandates validation of zip archive inputs to detect and block path traversal sequences, preventing arbitrary file overwrites.

Prevent (least privilege): Enforces least privilege to restrict high-privileged users from accessing upload functions that could be exploited for path traversal.
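As an added illustration of the input-validation control above (example code written for this page, not IBM's or WebSphere Liberty's own implementation): a Python routine that checks every zip entry name for traversal sequences before anything is written, then keeps a realpath containment check per entry as defence in depth. The archive, its entry names and its contents are constructed samples.

```python
import io
import os
import zipfile
from pathlib import PurePosixPath

def is_safe_entry(name: str) -> bool:
    """True only if the entry name cannot leave the extraction root: no absolute
    path, no Windows drive prefix, no '..' component (backslashes normalised)."""
    normalized = name.replace("\\", "/")
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return False
    parts = PurePosixPath(normalized).parts
    return bool(parts) and ".." not in parts

def classify_entries(zip_bytes: bytes) -> dict:
    """Check every entry name up front, before a single byte is written to disk."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            (accepted if is_safe_entry(info.filename) else rejected).append(info.filename)
    return {"accepted": accepted, "rejected": rejected}

def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract only a fully validated archive; the realpath containment check per
    entry is defence in depth against symlinked or oddly normalised destinations."""
    verdict = classify_entries(zip_bytes)
    if verdict["rejected"]:
        raise ValueError(f"archive rejected, traversal entries: {verdict['rejected']}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes destination: {info.filename}")
            os.makedirs(target if info.is_dir() else os.path.dirname(target), exist_ok=True)
            if not info.is_dir():
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
                written.append(info.filename)
    return written

def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry plus two crafted traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.xml", "<server/>")
        zf.writestr("../../../etc/overwritten.txt", "constructed placeholder")
        zf.writestr("/var/overwritten.txt", "constructed placeholder")
    return buf.getvalue()
```

The whole archive is rejected when any entry fails validation, so a crafted archive never gets a partial extraction that leaves benign files behind while the traversal entry is silently skipped.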
