Cyber Posture

CVE-2025-14914

Severity: High

Published: 02 February 2026

Modified: 12 February 2026
KEV Added: not listed
Patch: no information recorded
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.1st percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14914 is a high-severity Path Traversal (CWE-22) vulnerability in IBM WebSphere Application Server. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood it ranks at the 3.1st percentile (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-22: Validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Path traversal in the zip upload of a public-facing WebSphere application directly enables remote file overwrite, leading to arbitrary code execution (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Deeper analysis (AI-generated)

CVE-2025-14914 is a path traversal vulnerability (CWE-22) affecting IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1. Published on 2026-02-02, it allows a privileged user to upload a zip archive containing path traversal sequences, which can overwrite arbitrary files on the server and lead to arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with a changed scope.

Exploitation requires a high-privileged remote attacker (PR:H) who can interact with the server over the network (AV:N). The attack demands high attack complexity (AC:H) and user interaction (UI:R), such as an administrator approving or performing the upload of a specially crafted zip archive. Successful exploitation enables file overwrites outside the intended directory, culminating in arbitrary code execution on the server.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7258224, which provides details on the vulnerability, affected versions, and recommended mitigations or patches. Security practitioners should consult this advisory for specific remediation steps.
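As an added illustration of the mitigating control listed above (validating archive entry paths before extraction), and not code from IBM, WebSphere Liberty or this page: a Python check that rejects zip entries which would escape the extraction directory. The directory name `extract_root` and the sample archive are constructed for the example; it also handles backslash separators and drive-qualified names, which go beyond the `..` case the advisory describes.

```python
import io
import zipfile
from pathlib import Path, PurePosixPath


def resolve_entry(dest_dir, entry_name: str) -> Path:
    """Map a zip entry name to its on-disk path under dest_dir, raising
    ValueError for any name that would land outside that directory."""
    # Entry names are '/'-separated per the zip spec, but some archivers
    # write backslashes and Windows honours them, so treat both as separators.
    name = entry_name.replace("\\", "/")
    pure = PurePosixPath(name)
    if pure.is_absolute() or (len(name) > 1 and name[1] == ":"):
        raise ValueError(f"absolute or drive-qualified entry: {entry_name!r}")
    if any(part == ".." for part in pure.parts):
        raise ValueError(f"traversal sequence in entry: {entry_name!r}")
    root = Path(dest_dir).resolve()  # dest_dir is an assumed, constructed name
    # Canonicalise and check containment as well: this also catches escapes
    # through symlinks that already exist inside the extraction directory.
    target = (root / pure).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"entry resolves outside {root}: {entry_name!r}")
    return target


def is_safe_entry(dest_dir, entry_name: str) -> bool:
    try:
        resolve_entry(dest_dir, entry_name)
        return True
    except ValueError:
        return False


def unsafe_entries(zip_data: bytes, dest_dir) -> list:
    """Return the entry names an upload handler must reject before extracting.
    Checking every name up front lets the whole archive be refused at once."""
    with zipfile.ZipFile(io.BytesIO(zip_data)) as zf:
        return [n for n in zf.namelist() if not is_safe_entry(dest_dir, n)]


def build_sample_archive() -> bytes:
    """Constructed sample upload: one benign entry, one with '..' components
    and one with an absolute path (file contents are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.xml", "<config/>")
        zf.writestr("../../outside.txt", "placeholder")
        zf.writestr("/abs.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_entries(build_sample_archive(), "extract_root"))
```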

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products: IBM WebSphere Application Server (Liberty), versions 17.0.0.3 through 26.0.0.1


References

IBM security advisory: https://www.ibm.com/support/pages/node/7258224