PT-2026-5208 · IBM · IBM WebSphere Application Server Liberty

Published: 2026-01-28 · Updated: 2026-02-12 · CVE-2025-14914

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1

Description

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1 may allow a privileged user to upload a zip archive containing path traversal sequences. This could lead to overwriting files and potentially arbitrary code execution. The vulnerable component is related to file upload functionality, and the zip archive is what delivers the malicious payload.

Recommendations

Versions prior to 17.0.0.3 and versions after 26.0.0.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
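
As a defensive illustration of the weakness class in the description (zip entries whose names resolve outside the extraction directory), the following added example audits an archive before it is unpacked. It is not IBM code and does not represent Liberty's upload handling or its fix; the extraction root `/opt/app/upload` and the sample archive are assumptions constructed for the example.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest_root="/opt/app/upload"):  # dest_root is a hypothetical path
    """Return (name, reason) for every entry that must not be extracted under dest_root."""
    root = posixpath.normpath(dest_root)
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Zip names use '/', but some extractors also honour '\\' as a separator.
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                findings.append((info.filename, "absolute path"))
                continue
            # Resolve '..' segments the way an extractor joining root + name would.
            target = posixpath.normpath(posixpath.join(root, name))
            if target != root and not target.startswith(root + "/"):
                findings.append((info.filename, "escapes extraction root"))
            elif (info.external_attr >> 16) & 0o170000 == 0o120000:
                # Unix mode bits mark the entry as a symbolic link.
                findings.append((info.filename, "symbolic link entry"))
    return findings


def build_sample():
    """Constructed in-memory archive: one benign entry and three hostile names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.xml", "<server/>")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("app/../../outside2.txt", "x")
        zf.writestr("/abs/path.txt", "x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in unsafe_entries(build_sample()):
        print(f"REJECT {name!r}: {reason}")
```

An archive with any finding should be rejected as a whole rather than extracted with the offending entries skipped.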

RCE

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-14914

Affected Products: IBM WebSphere Application Server Liberty