CVE-2025-14914 – IBM WebSphere Information Disclosure Vulnerability

CVSS 7.6 IMPORTANT

“A weakness in a core enterprise application server could expose sensitive system information to unauthorized users.”

This patch addresses a high-severity vulnerability (CVE-2025-14914) affecting IBM WebSphere Application Server. The issue exists in the way the server processes certain requests, where insufficient validation may allow unauthorized users to access sensitive information that should be restricted.

An attacker with network access to a vulnerable WebSphere environment could exploit this weakness to retrieve sensitive system data, potentially exposing configuration details or internal information about the application environment. Such exposure could assist attackers in conducting further attacks against enterprise applications and infrastructure. CVE-2025-14914 carries a CVSS v3.1 score of 7.6 (High).

IBM released security updates that strengthen request validation and restrict access to sensitive information within the affected components. Systems running vulnerable versions remain exposed until the patched update is installed.

Key Details

Affected Product: IBM WebSphere Application Server
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
CWE Classification: CWE-22