CVE-2025-14914

7.6 HIGH

📋 TL;DR

This vulnerability allows a privileged user in IBM WebSphere Application Server Liberty to upload a zip archive containing path traversal sequences, which can overwrite files and lead to arbitrary code execution. It affects versions 17.0.0.3 through 26.0.0.1. Only authenticated privileged users can exploit this vulnerability.

💻 Affected Systems

Products:
  • IBM WebSphere Application Server Liberty
Versions: 17.0.0.3 through 26.0.0.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access; not exploitable by unauthenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged user gains full system control through arbitrary code execution, potentially compromising the entire server and data.

🟠 Likely Case

Privileged user modifies critical files to escalate privileges, disrupt services, or steal sensitive data.

🟢 If Mitigated

With proper access controls and monitoring, exploitation attempts are detected and blocked before damage occurs.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated privileged access and knowledge of path traversal techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix from IBM Security Bulletin

Vendor Advisory: https://www.ibm.com/support/pages/node/7258224

Restart Required: Yes

Instructions:

1. Review IBM Security Bulletin.
2. Download and apply the appropriate fix pack.
3. Restart the Liberty server.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Restrict privileged user uploads (platforms: all)

Limit or disable zip archive upload functionality for privileged users. Configure Liberty server security constraints to restrict file uploads.

Implement file validation (platforms: all)

Add server-side validation to reject zip archives containing path traversal sequences. Implement custom servlet filters or security policies to sanitize uploads.
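The server-side check described above, written out as an added example (not IBM's code or the fix shipped with the bulletin): each archive entry name is resolved against the intended extraction directory and the archive is rejected if any entry would land outside it. The extraction root path and the archive contents are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/** Rejects archive entries that would resolve outside the extraction root (zip path traversal). */
public class ZipUploadValidator {

    /** Returns the entry names that escape targetDir; an empty list means the archive may be extracted. */
    public static List<String> findTraversalEntries(InputStream zipBytes, Path targetDir) throws IOException {
        List<String> bad = new ArrayList<>();
        Path root = targetDir.toAbsolutePath().normalize();
        try (ZipInputStream zis = new ZipInputStream(zipBytes)) {
            ZipEntry e;
            while ((e = zis.getNextEntry()) != null) {
                String name = e.getName();
                // Absolute names, backslashes and drive-style colons are never legitimate in an
                // upload and resolve differently per platform, so they are rejected outright.
                if (name.startsWith("/") || name.contains("\\") || name.contains(":")) { bad.add(name); continue; }
                // Core check: after normalization the entry must still sit under the root directory.
                Path resolved = root.resolve(name).normalize();
                if (!resolved.startsWith(root)) bad.add(name);
                zis.closeEntry();
            }
        }
        return bad;
    }

    /** Builds a small in-memory archive (constructed sample data, not a real upload). */
    static byte[] sampleZip() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(buf)) {
            for (String n : new String[] {"app/index.html", "../../outside.txt", "ok/../also-ok.txt"}) {
                zos.putNextEntry(new ZipEntry(n));
                zos.write("x".getBytes());
                zos.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Assumed extraction root; only "../../outside.txt" is reported for the sample archive.
        List<String> bad = findTraversalEntries(new ByteArrayInputStream(sampleZip()), Paths.get("/opt/liberty/uploads"));
        System.out.println(bad.isEmpty() ? "archive accepted" : "rejected entries: " + bad);
    }
}
```

Run the check before any entry is written to disk; validating after extraction is too late, since the overwrite has already happened.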

🧯 If You Can't Patch

  • Implement strict access controls to limit privileged user capabilities.
  • Monitor and audit all file upload activities for suspicious patterns.

🔍 How to Verify

Check if Vulnerable:

Check Liberty server version using server.xml or command line.

Check Version:

Check Liberty server version in server.xml or run: wlp/bin/productInfo version

Verify Fix Applied:

Verify the applied fix version matches or exceeds the patched version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities by privileged users
  • Path traversal patterns in upload requests

Network Indicators:

  • Suspicious HTTP POST requests with zip files to upload endpoints

SIEM Query:

source="Liberty" AND (event="FILE_UPLOAD" AND user="privileged" AND file="*.zip")
