SSO endpoints are often internet-facing by design, the researchers noted, which turns the flaw into a remote entry point and makes chaining with other weaknesses possible.
AdminCenter flaws allow further escalation
Beyond initial access, the research outlined critical issues within WebSphere Liberty's administrative controls. The AdminCenter component, designed to enforce role-based access, contains several flaws that allow low-privileged users to access sensitive data and secrets.
One issue, tracked as CVE-2025-14915, allows "reader"-level users to retrieve critical server data such as authentication keys, which could then be used to forge tokens and impersonate higher-privileged users. Another problem (CVE-2025-14917) lies in hardcoded passwords protecting the token-signing LTPA keys, alongside encryption utilities that ship with static keys (CVE-2025-14923) across all modes.
The rest of the chain consists of an archive extraction flaw (CVE-2025-14914) that can be abused to write files outside the intended directories, alongside insecure handling (CVE unassigned) of configuration files, where sensitive entries such as credentials "in server.xml" can be retrieved or reused once access is gained.
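The archive extraction flaw described above belongs to the well-known "path traversal on extract" class: an entry name containing `..` segments, Windows-style separators, or an absolute path is joined onto the destination directory without checking where the result lands. The following Python is an added example of the containment check an extractor needs; it is not WebSphere Liberty code and does not reproduce the product's extraction logic. The destination path, the archive contents and the entry names are constructed for the demonstration.

```python
import io
import os
import posixpath
import tempfile
import zipfile

# Destination used by the pure path check below. Constructed value: it does
# not correspond to a real WebSphere Liberty directory.
DEFAULT_DEST = "/opt/liberty/extract"


def entry_is_contained(dest: str, name: str) -> bool:
    """Return True only if archive entry `name` resolves inside `dest`.

    Pure string check (no filesystem access), so it can run over an archive's
    listing before anything is written. Backslashes are treated as separators
    because some extractors do; an absolute name, or any '..' that climbs
    above dest, is rejected.
    """
    dest = posixpath.normpath(dest)
    normalized = name.replace("\\", "/")
    if posixpath.isabs(normalized):
        return False
    target = posixpath.normpath(posixpath.join(dest, normalized))
    return target == dest or target.startswith(dest + "/")


def unsafe_entries(zip_bytes: bytes, dest: str = DEFAULT_DEST) -> list:
    """List the entries of an in-memory zip that would escape `dest`."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not entry_is_contained(dest, i.filename)]


def safe_extract(zip_bytes: bytes, dest: str):
    """Extract only contained entries; return (written, rejected) name lists.

    Besides the string check, the final path is re-resolved with realpath and
    compared against the real destination. That catches a symlink already
    present under dest (for example one written by an earlier entry)
    redirecting a later write outside the tree.
    """
    written, rejected = [], []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not entry_is_contained(dest, name):
                rejected.append(name)
                continue
            target = os.path.realpath(os.path.join(dest_real, name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                rejected.append(name)
                continue
            if name.endswith("/"):
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(zf.read(info))
            written.append(name)
    return written, rejected


def build_sample_zip() -> bytes:
    """Constructed archive: one legitimate entry and three traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/WEB-INF/web.xml", "<web-app/>")
        zf.writestr("../../config/server.xml", "<server/>")   # climbs out via '..'
        zf.writestr("..\\..\\dropins\\app.war", "")           # same, Windows separators
        zf.writestr("/tmp/absolute.txt", "x")                  # absolute path
    return buf.getvalue()


def extract_sample_to_tempdir():
    """Run safe_extract on the sample into a fresh temp dir; return (written, rejected)."""
    return safe_extract(build_sample_zip(), tempfile.mkdtemp())
```

`unsafe_entries` is the cheap pre-flight a deployment tool or a detection rule can run over an uploaded archive's listing; `safe_extract` shows the second, filesystem-aware check that string normalisation alone cannot provide. Running `extract_sample_to_tempdir()` writes only `app/WEB-INF/web.xml` and reports the other three names as rejected.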