Main Vulnerability Database Vulnerabilities #VU124829

#VU124829 Information disclosure in IBM WebSphere Application Server Liberty - CVE-2025-14915

Published: April 2, 2026

Vulnerability identifier: #VU124829

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-14915

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM WebSphere Application Server Liberty

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application with the restConnector-1.0 or restConnector-2.0 feature enabled. A remote authenticated user can gain unauthorized access to sensitive information and escalate privileges within thin the application.

Remediation

Apply interim fix PH70327 and update to the next version when available.

External links

https://www.ibm.com/support/pages/node/7267345

#VU124829 Information disclosure in IBM WebSphere Application Server Liberty - CVE-2025-14915

Description

Remediation

External links

Please verify you're human