Main Vulnerability Database Vulnerabilities #VU124875

Use of hard-coded cryptographic key in IBM WebSphere Application Server Liberty - CVE-2025-14923

Published: April 6, 2026

Vulnerability identifier: #VU124875

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-14923

CWE-ID: CWE-321

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM WebSphere Application Server Liberty

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. A local user can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2025-14923

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7261761

Use of hard-coded cryptographic key in IBM WebSphere Application Server Liberty - CVE-2025-14923

Detailed vulnerability description

How to mitigate CVE-2025-14923

Sources

Please verify you're human