Weak Security Control in IBM WebSphere Application Server Liberty
CVE-2025-14917

6.7MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server - Liberty
Vendor: CVE Published:; 25 March 2026

What is CVE-2025-14917?

IBM WebSphere Application Server Liberty has been found to provide insufficient protection when managing security settings, potentially exposing sensitive configurations to unauthorized access. This weakness is crucial for administrators to address to maintain robust security across applications deployed on the Liberty framework. For detailed guidance on mitigation and patching, refer to the vendor advisory linked.

Affected Version(s)

WebSphere Application Server - Liberty 17.0.0.3 <= 26.0.0.3

References

https://www.ibm.com/support/pages/node/7267362

vendor-advisorypatch

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Dec 18, 2025

CVE-2025-14917 Data

JSON