
CVE-2025-14923

Severity: Medium
Published: 03 March 2026
Modified: 04 March 2026
CVSS v3.1 Score: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0017 (6.9th percentile)
Risk Priority: 35 (floored blend, peak EPSS)

Summary

CVE-2025-14923 is a medium-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in IBM WebSphere Application Server. Its CVSS base score is 4.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE is ranked at the 6.9th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).

Deeper analysis

CVE-2025-14923 is a security vulnerability in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.2. It results in weaker than expected security when using the Security Utility to administer security settings. The issue maps to CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials), with a CVSS v3.1 base score of 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

An attacker requires local access to the system, low privileges, and must overcome high attack complexity, with no user interaction required. Successful exploitation enables high-impact unauthorized disclosure of confidential information, such as sensitive security configuration data, but does not affect integrity or availability.

IBM provides details on mitigation and patches in its security advisory at https://www.ibm.com/support/pages/node/7261761.


Vulnerability details

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Hard-coded keys and credentials in the Security Utility directly enable local extraction of sensitive security configuration data (T1552.001); the vulnerability also permits unauthorized local data access (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-8644 (same product: IBM WebSphere Application Server)
CVE-2025-14914 (same product: IBM WebSphere Application Server)
CVE-2026-9311 (same product: IBM WebSphere Application Server)
CVE-2026-9330 (same product: IBM WebSphere Application Server)
CVE-2026-3621 (same product: IBM WebSphere Application Server)
CVE-2026-8633 (same product: IBM WebSphere Application Server)
CVE-2026-9319 (same product: IBM WebSphere Application Server)
CVE-2026-8620 (same product: IBM WebSphere Application Server)
CVE-2024-28766 (same vendor: IBM)
CVE-2025-1722 (same vendor: IBM)

Affected Assets

IBM WebSphere Application Server, versions 17.0.0.3 through 26.0.0.3

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires proper cryptographic key establishment and management, eliminating the hard-coded keys (CWE-321) that weaken the Security Utility.

prevent: Mandates secure authenticator management practices that prohibit hard-coded credentials (CWE-798) in security administration tools.

prevent: Requires cryptographic protection of sensitive security configuration data at rest, limiting disclosure impact from the weaker Security Utility.
