Skip to main content

JW Library App CVE-2025-14617

LOW
Path Traversal (CWE-22)
2025-12-13 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 02:46 vuln.today

DescriptionCVE.org

A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

AnalysisAI

Path traversal vulnerability in JW Library App for Android up to version 15.5.1 allows local authenticated users to access files outside intended directories via manipulation of the SiloContainer component. CVSS score of 1.9 reflects low confidentiality impact with no integrity or availability consequences; however, publicly available exploit code exists. Real-world risk is minimal given requirement for local access and prior authentication, EPSS score of 0.03% indicates negligible exploitation probability.

Technical ContextAI

The vulnerability resides in the org.jw.jwlibrary.mobile.activity.SiloContainer component within the Android application. Path traversal (CWE-22) occurs when user-supplied input is not properly validated before being used to construct file system paths, enabling attackers to navigate directory structures using relative path sequences (e.g., '../'). In Android contexts, this typically affects application-internal file access, data directories, or shared storage operations. The SiloContainer appears to be a content delivery or resource loading component whose file path handling lacks sufficient input sanitization.

Affected ProductsAI

Jehovah's Witnesses JW Library App for Android, versions up to and including 15.5.1, is affected. The vulnerable component is org.jw.jwlibrary.mobile.activity.SiloContainer. The exact scope of affected versions below 15.5.1 is not explicitly stated; assume all versions up to 15.5.1 carry the vulnerability unless stated otherwise by the vendor.

RemediationAI

Update JW Library App to version 16.0 or later (patch version not independently confirmed in provided references; verify with official Google Play Store or Jehovah's Witnesses official app repository for the latest version and changelog confirming path traversal fix). As a workaround pending patch deployment, device administrators or enterprise deployment teams can restrict application permissions via Android permission controls and monitor application file access logs if the device supports them. Users should avoid granting unnecessary storage permissions to the JW Library App and keep the Android OS updated to the latest security patch level. No compensating controls within the application itself are viable; patching is the primary mitigation. Consult the official Jehovah's Witnesses support channels or the GitHub reference (https://github.com/Secsys-FDU/AF_CVEs/issues/1) for vendor guidance.

Share

CVE-2025-14617 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy