Cyber Posture

CVE-2025-14917

Severity: Medium
Published: 25 March 2026
Modified: 30 March 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: vendor fix available (see the IBM advisory below)
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.2nd percentile)
Risk Priority: 13 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-14917 is a medium-severity Use of Default Password (CWE-1393) vulnerability in IBM WebSphere Application Server Liberty. Its CVSS 3.1 base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1562.001). Its EPSS score of 0.0001 places it at the 2.2nd percentile of exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Disable or Modify Tools (T1562.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Remediates the flaw directly: apply the fixed Liberty version recommended in the IBM advisory, after confirming which instances fall in the affected range.

AC-6 Least Privilege (prevent)

Limits who can hold the local high-privilege (PR:H) access the vector requires, reducing the set of accounts that could exploit the weakened security-settings administration.

prevent

Restricts and authorizes configuration changes, so that security settings can only be administered by approved identities through approved change paths rather than ad hoc edits that could leave the server weaker than intended.
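A configuration audit in the spirit of these controls, added here as an example (it is not the page's or IBM's code, and it does not detect CVE-2025-14917 itself, whose specifics are in the IBM advisory): it scans a Liberty server.xml for the security-settings patterns CWE-1393 is about, namely accounts with plaintext or merely obfuscated passwords and the well-known admin user name. The element and attribute names (quickStartSecurity, basicRegistry/user, the {xor}/{aes}/{hash} password prefixes) are Liberty's own; the sample server.xml and its account names and values are constructed for the example.

```python
"""Audit a WebSphere Liberty server.xml for weak security-settings administration.

Added example, not part of the original page or of IBM's tooling. It does not
detect CVE-2025-14917 itself; it checks the configuration patterns that
CWE-1393 (Use of Default Password) describes: quickStartSecurity or basicRegistry
accounts whose passwords are plaintext or only {xor}-obfuscated, and the
well-known 'admin' user name. SAMPLE_SERVER_XML is constructed for the example.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample. The element and attribute names are Liberty's real
# quickStartSecurity and basicRegistry configuration; the values are made up.
SAMPLE_SERVER_XML = """
<server description="constructed sample">
  <featureManager>
    <feature>appSecurity-2.0</feature>
    <feature>restConnector-2.0</feature>
  </featureManager>
  <quickStartSecurity userName="admin" userPassword="adminpwd"/>
  <basicRegistry id="basic" realm="BasicRealm">
    <user name="deployer" password="{xor}KzosKw=="/>
    <user name="auditor" password="{hash}ATAAAAAIAAAAEAAAACC0xyz"/>
    <user name="ops" password="{aes}AKa1p7Z3Qw=="/>
  </basicRegistry>
</server>
"""

# Liberty stores passwords either as plaintext or with an encoding prefix.
# {xor} is reversible obfuscation (securityUtility decode undoes it), so the
# audit treats it like plaintext. {aes} and {hash} are accepted.
ENCODING_RE = re.compile(r"^\{(xor|aes|hash)\}")


def classify_password(value):
    """Return 'plaintext', 'xor', 'aes' or 'hash' for a Liberty password value."""
    m = ENCODING_RE.match(value or "")
    return m.group(1) if m else "plaintext"


def audit_server_xml(xml_text):
    """Return one finding per weak setting: {account, source, issue}."""
    root = ET.fromstring(xml_text)
    findings = []

    def check(source, name, password):
        kind = classify_password(password)
        if kind in ("plaintext", "xor"):
            findings.append({"account": name, "source": source,
                             "issue": f"password is {kind} (reversible)"})
        if name and name.lower() == "admin":
            findings.append({"account": name, "source": source,
                             "issue": "well-known administrative user name"})

    # quickStartSecurity defines a single admin account and is meant for
    # development setups, not production security administration.
    for qs in root.iter("quickStartSecurity"):
        findings.append({"account": qs.get("userName"), "source": "quickStartSecurity",
                         "issue": "quickStartSecurity in use (development-only admin registry)"})
        check("quickStartSecurity", qs.get("userName"), qs.get("userPassword"))

    # basicRegistry holds file-based users with a per-user password attribute.
    for reg in root.iter("basicRegistry"):
        for user in reg.iter("user"):
            check(f"basicRegistry[{reg.get('id')}]", user.get("name"), user.get("password"))

    return findings


if __name__ == "__main__":
    for f in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"{f['source']}: {f['account']}: {f['issue']}")
```

Run it against each Liberty instance's server.xml (and any included configuration files) as part of the configuration-change review the third control above describes. {xor} values are grouped with plaintext because Liberty's own securityUtility decodes them; prefer {aes} with a non-default encryption key or {hash} where the registry accepts it, and replace quickStartSecurity with a real user registry and restricted administrator-role membership, which is what AC-6 asks for.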

MITRE ATT&CK Enterprise Techniques

T1562.001 Disable or Modify Tools (Defense Evasion)
Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities.
Why these techniques?

The vulnerability weakens the administration of security settings in WebSphere Liberty, so a local attacker who already holds high privileges (PR:H) can leave the server with weaker security controls than intended. That is an impair-defenses outcome, not an initial-access one.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Deeper analysis

CVE-2025-14917 is a vulnerability in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 that could provide weaker than expected security when administering security settings. Published on 2026-03-25, it is associated with CWE-1393 and carries a CVSS 3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The vector places the attacker local to the system (AV:L) and already holding high privileges (PR:H), with low attack complexity and no user interaction. In practice the realistic actor is a privileged insider or an attacker who has already compromised an administrative account or the host; the flaw then lets that actor end up with a weaker security configuration than the administration path should allow. Scope is unchanged (S:U), so the rated full loss of confidentiality, integrity and availability (C:H/I:H/A:H) applies to the Liberty server and what it protects rather than to other components. Until the fixed version is applied, the practical steps are to confirm whether each Liberty instance falls within 17.0.0.3 through 26.0.0.3, and to restrict and monitor the accounts permitted to administer security settings.

IBM has issued a security advisory with details on the issue and recommended mitigations at https://www.ibm.com/support/pages/node/7267362.

Details

CWE(s)

CWE-1393 Use of Default Password

Affected Products

IBM WebSphere Application Server Liberty
17.0.0.3 — 26.0.0.4 (the NVD description gives 17.0.0.3 through 26.0.0.3; the two agree if the upper bound here is exclusive, so confirm the fixed version against the IBM advisory before treating 26.0.0.4 as affected)


References

IBM Security Bulletin for CVE-2025-14917: https://www.ibm.com/support/pages/node/7267362