Privilege Escalation in IBM WebSphere Application Server - Liberty
CVE-2025-14915

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server - Liberty
Vendor: CVE Published:; 25 March 2026

What is CVE-2025-14915?

IBM WebSphere Application Server - Liberty, specifically versions 17.0.0.3 through 26.0.0.3, is susceptible to a privilege escalation vulnerability. This issue allows an attacker with privileged access to potentially manipulate the access rights, thereby gaining further unauthorized access to sensitive areas of the application server. Organizations using affected versions should assess their security posture and apply appropriate patches as outlined in the vendor advisory.

Affected Version(s)

WebSphere Application Server - Liberty 17.0.0.3 <= 26.0.0.3

References

https://www.ibm.com/support/pages/node/7267345

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Dec 18, 2025

CVE-2025-14915 Data

JSON