CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Description
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 is affected by privilege escalation. A privileged user could gain additional access to the application server.
Analysis
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 are vulnerable to privilege escalation due to improper access control (CWE-200: Information Exposure). A privileged user who already has authenticated access to the application server can exploit this flaw to gain additional, unauthorized access to sensitive resources, which can lead to information disclosure and integrity violations. The CVSS score of 6.5 indicates moderate severity: the vulnerability requires high privileges to trigger (PR:H) but no user interaction (UI:N), so it is most likely to be exploited by insiders or through compromised administrative accounts.
Technical Context
The vulnerability resides in IBM WebSphere Application Server Liberty, a lightweight enterprise Java application server that supports the Java EE and Jakarta EE standards. The affected versions span a wide range (17.0.0.3 to 26.0.0.3), indicating a regression or design flaw in the access control mechanisms that verify user permissions when application server resources are accessed. The CWE-200 classification (Information Exposure Through an Error Message) suggests the root cause is improper validation or enforcement of role-based access control (RBAC), whereby authenticated users at one privilege level can reach higher-privilege roles or data outside their authorization scope. Because WebSphere is network-accessible (AV:N), the flaw is remotely exploitable over the standard HTTP/HTTPS ports used for administration consoles and remote management.
Affected Products
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 are affected, as identified by CPE cpe:2.3:a:ibm:websphere_application_server_-_liberty. This version range spans multiple major releases, including Liberty 17, 18, 19, 20, 21, 22, 23, 24, 25, and 26 up to their respective 0.3 patch levels. Organizations running any version within this range should inventory their deployments immediately. The vendor has published a security advisory with patch details at https://www.ibm.com/support/pages/node/7267345, which contains version-specific remediation guidance.
Remediation
Upgrade IBM WebSphere Application Server Liberty to a patched version released by IBM as described in security advisory node/7267345 (https://www.ibm.com/support/pages/node/7267345); contact IBM support to determine the appropriate patched version for your current deployment. Until patching is possible: enforce the principle of least privilege for administrative accounts by restricting the number of users with high-level permissions; require multi-factor authentication for administrative console access; expose WebSphere administration ports (typically 9443) only to trusted internal networks; and audit all administrative account activity through centralized logging. Implement network segmentation so that a compromised administrative account cannot be used for lateral movement. Schedule patching during a controlled maintenance window, testing the patches in a staging environment first, to minimize business disruption.
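As an added illustration of the interim controls above (this is example configuration, not from the IBM advisory or this page), a Liberty server.xml fragment that contrasts a permissive administrative setup with a least-privilege one. The user and group names, the interface address, the realm name and the password placeholders are assumptions.

```xml
<!-- Added example, not from the IBM advisory. Names, address and passwords are placeholders. -->
<server description="liberty-admin-hardening-example">
  <featureManager>
    <feature>appSecurity-3.0</feature>
    <feature>restConnector-2.0</feature>   <!-- remote management over the HTTPS port -->
    <feature>audit-1.0</feature>           <!-- administrative audit records -->
  </featureManager>

  <!-- WEAK: one shared admin identity, management endpoint bound on every interface -->
  <!--
  <quickStartSecurity userName="admin" userPassword="changeme"/>
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443"/>
  -->

  <!-- HARDENED: named identities in a registry; only one small group holds the
       administrator role, operators who only need to observe get the read-only reader role -->
  <basicRegistry id="basic" realm="ExampleRealm">
    <user name="ops-lead"   password="{placeholder-encoded-password}"/>
    <user name="ops-viewer" password="{placeholder-encoded-password}"/>
    <group name="liberty-admins"><member name="ops-lead"/></group>
    <group name="liberty-readers"><member name="ops-viewer"/></group>
  </basicRegistry>
  <administrator-role>
    <group>liberty-admins</group>
  </administrator-role>
  <reader-role>
    <group>liberty-readers</group>
  </reader-role>

  <!-- bind the endpoint that carries admin/management traffic to an internal management
       interface (placeholder address) rather than all interfaces, and front it with the
       network controls described in the remediation text -->
  <httpEndpoint id="defaultHttpEndpoint" host="10.0.0.10" httpPort="9080" httpsPort="9443"/>

  <!-- write administrative audit events to rotating files that are shipped to central logging -->
  <auditFileHandler maxFiles="10" maxFileSize="20"/>
</server>
```

Encode registry passwords with Liberty's securityUtility rather than storing them in clear text; the placeholders above stand in for those encoded values.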
Related Identifiers
EUVD-2025-209020
GHSA-c39w-6qgm-5cp7