Platform: ibm
Component: websphere-application-server-liberty
Fixed in: 26.0.1
CVE-2025-14914 is a path traversal vulnerability in IBM WebSphere Application Server Liberty. A privileged user can exploit it by uploading a specially crafted zip archive whose entry names contain path traversal sequences; when the archive is expanded, files outside the intended directory are overwritten, which can lead to arbitrary code execution. Versions 17.0.0.3 through 26.0.0.1 are affected, and IBM has released a fix (26.0.1).
Successful exploitation of CVE-2025-14914 lets an attacker who already holds a privileged account execute arbitrary code on the affected Liberty instance. A zip archive with path traversal sequences in its entry names is expanded outside the target directory, so server configuration or application code that Liberty later loads can be overwritten, turning an administrative role into code execution as the Liberty process user. The blast radius covers everything that server processes: customer data, financial data, and the application logic itself. This is the well-known zip slip pattern, in which archive entry names are used to navigate the file system instead of being confined to the extraction directory.
CVE-2025-14914 was publicly disclosed on 2026-02-02. Its severity is rated HIGH with a CVSS score of 7.6. There are currently no known public exploits or active campaigns targeting it. Crafting a malicious zip archive is trivial, so the main barrier to exploitation is the requirement for a privileged account. Monitor security advisories and threat intelligence feeds for any indication of exploitation.
Organizations that host critical applications on WebSphere Application Server Liberty are most exposed. Because exploitation requires a privileged user, the risk concentrates where administrative or deployment credentials are shared, weakly protected, or granted more widely than necessary, and in shared hosting environments where several applications and teams use the same server instance. Applications that handle sensitive data, such as financial or healthcare information, carry the highest impact if the server is compromised.
• linux / server: Monitor Liberty server logs (the server's logs/messages.log, or the journal if Liberty runs under systemd with console logging) for upload or deployment activity whose file names contain traversal sequences such as ../ or ..\. For real-time monitoring of a systemd-managed instance:
journalctl -f | grep -E '\.\./|\.\.\\'
• java: Examine application server logs for errors related to file access or modification outside the expected application directories, and put file integrity monitoring on the server configuration directory (server.xml, bootstrap.properties, dropins/) so that an unexpected overwrite is noticed. Correlate any such event with the privileged account that performed the upload.
• generic web: On a test instance you are authorized to test, use curl to submit an archive whose entry names contain path traversal sequences to the upload endpoint, then check for unexpected file modifications outside the intended directory (the form field name and archive path below are placeholders):
curl -F 'file=@<test-archive.zip>' http://your-liberty-server/upload
Exploit status
EPSS: 0.01% (2nd percentile)
The primary mitigation for CVE-2025-14914 is to upgrade IBM WebSphere Application Server Liberty to the fixed release, 26.0.1 or later. Until the upgrade can be performed, validate uploaded zip archives strictly: normalize every entry name and reject the whole archive if any entry would resolve outside the intended extraction directory (leading ../, absolute paths, and backslash separators included). Restrict the privileged roles that are allowed to upload archives to the smallest possible set of accounts, and tighten file permissions so that the Liberty process user cannot overwrite files it does not need to write. Web Application Firewalls (WAFs) configured to detect and block path traversal attempts add a further layer, but since the malicious names are inside the archive, a WAF only helps if it inspects archive contents. After upgrading, verify the fix on a test instance you are authorized to test by uploading a test zip archive containing a path traversal sequence and confirming that the upload is rejected.
Upgrade IBM WebSphere Application Server Liberty to a version later than 26.0.0.1 that fixes the path traversal vulnerability. Consult the IBM advisory for details on the fixed versions and upgrade instructions.
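The strict upload validation described above, as an added example written for this page (it is not code from IBM or from the original advisory): the script opens a zip archive in memory without extracting it and lists every entry whose normalized path would leave the extraction root, which is the check a validator applies before rejecting an upload. The same script builds the kind of crafted test archive the detection and post-upgrade verification steps use. The extraction root path and the sample archive contents are assumptions constructed for the demonstration.

```python
import io
import posixpath
import zipfile
from typing import List

# Added example (editor's code, not IBM's or the page's): a zip-slip check for
# an upload validator. Every entry name is normalized and must resolve to a
# path inside the extraction root; absolute paths, drive letters and
# backslash separators are handled before the prefix comparison.

# Assumed extraction root for the demonstration; real deployments differ.
EXTRACT_ROOT = "/opt/liberty/usr/servers/defaultServer/apps/expanded"


def entry_is_safe(name: str, root: str) -> bool:
    """True only if `name`, joined to `root`, stays inside `root`.

    Backslashes are treated as separators (archives built on Windows),
    absolute paths and drive letters are rejected outright, and '..' is
    resolved before the prefix check so that 'app/../../x' is caught, not
    only names that start with '../'.
    """
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):
        return False
    if len(normalized) > 1 and normalized[1] == ":":  # e.g. C:/...
        return False
    root_norm = posixpath.normpath(root)
    target = posixpath.normpath(posixpath.join(root_norm, normalized))
    prefix = root_norm if root_norm.endswith("/") else root_norm + "/"
    return target == root_norm or target.startswith(prefix)


def find_traversal_entries(data: bytes, root: str = EXTRACT_ROOT) -> List[str]:
    """Names of entries in the archive bytes `data` that would escape `root`.

    The archive is opened from memory and never extracted; a validator
    rejects the whole upload if this list is non-empty.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if not entry_is_safe(i.filename, root)]


def build_test_archive() -> bytes:
    """Constructed sample archive: two benign entries and three that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/index.html", "<html></html>")
        zf.writestr("app/WEB-INF/web.xml", "<web-app/>")
        # Classic zip slip: climbs out of the root with leading '../'.
        zf.writestr("../../../../etc/cron.d/evil", "* * * * * root /bin/sh")
        # Escapes only after normalization; a naive startswith('../') misses it.
        zf.writestr("app/../../server.xml", "<server/>")
        # Windows-style separators; naive '/'-only splitting misses it.
        zf.writestr("..\\..\\bootstrap.properties", "x=y")
    return buf.getvalue()


if __name__ == "__main__":
    for bad in find_traversal_entries(build_test_archive()):
        print("REJECT:", bad)
```

Run it stand-alone and it prints the three escaping entries. The check belongs in whatever accepts the upload before the archive is expanded; on Liberty itself the fix is the 26.0.1 upgrade, and the archive from build_test_archive() should only ever be submitted to a test instance you own when verifying that upgrade.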
CVE-2025-14914 is a path traversal vulnerability in WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1 that allows a privileged user who uploads a crafted zip archive to overwrite files and potentially achieve arbitrary code execution.
If you are running WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1, you are potentially affected by this vulnerability. Check your version and upgrade accordingly.
Upgrade to the patched version of WebSphere Application Server Liberty recommended by IBM (26.0.1 or later). If patching is delayed, restrict which privileged accounts may upload archives and implement archive content validation or WAF rules as a temporary mitigation.
While no active exploitation has been publicly confirmed, the nature of path traversal vulnerabilities suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official IBM Security Bulletin for CVE-2025-14914 for detailed information and the latest updates: [https://www.ibm.com/support/kbdoc/](https://www.ibm.com/support/kbdoc/)