
Seven IBM WebSphere Liberty flaws can be chained into full takeover

SSO endpoints are sometimes internet-facing by design, the researchers noted, which turns the flaw into a remote entry point and makes chaining it with additional weaknesses possible.

AdminCenter flaws allow further escalation

Beyond initial access, the research outlined significant issues within WebSphere Liberty's administrative controls. The AdminCenter component, designed to enforce role-based access, contains several flaws that allow low-privileged users to access sensitive data and secrets.

One issue, tracked under CVE-2025-14915, allows "reader"-level users to retrieve critical server data such as authentication keys, which could then be used to forge tokens and impersonate higher-privileged users. Another problem (CVE-2025-14917) lies in hardcoded passwords protecting the token-signing LTPA keys, alongside encryption utilities that ship with static keys (CVE-2025-14923) across all modes.

The rest of the chain consists of an archive extraction flaw (CVE-2025-14914) that can be abused to write files outside the intended directories, alongside insecure handling (CVE unassigned) of configuration data, where sensitive entries such as credentials "in server.xml" can be retrieved or reused once access is gained.
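The archive extraction flaw described above belongs to a well-known class: an archive entry whose name contains `..` components or an absolute path is written wherever that path resolves, rather than under the extraction directory. The following is an added example, not code from the article or from IBM's WebSphere Liberty, showing the containment check a defender expects an extractor to perform: resolve each entry against the destination, refuse anything that lands outside it, and refuse symlink entries outright. The archive contents and file names are constructed test fixtures; nothing here reflects how Liberty itself handles archives.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_zip(entries):
    """Build an in-memory zip from a {name: bytes} mapping.

    Constructed fixture only: zipfile.writestr() does not sanitize names, so
    traversal-style entries such as '../../x' can be created for testing.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _is_symlink(info):
    # The upper 16 bits of external_attr hold the Unix mode; 0o120000 is S_IFLNK.
    return ((info.external_attr >> 16) & 0o170000) == 0o120000


def safe_extract(zip_bytes, dest):
    """Extract zip_bytes under dest, rejecting any entry that would escape it.

    Returns (written, rejected): paths written relative to dest, and the raw
    entry names that were refused.
    """
    dest = Path(dest).resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Refuse absolute paths, Windows drive prefixes and symlink entries
            # before doing any path arithmetic.
            if (
                name.startswith(("/", "\\"))
                or os.path.isabs(name)
                or ":" in name.split("/")[0]
                or _is_symlink(info)
            ):
                rejected.append(name)
                continue
            target = (dest / name).resolve()
            # Containment check: the resolved target must be dest itself or a
            # descendant of dest. Anything else (e.g. '../../etc/passwd') is
            # exactly the write-outside-intended-directory primitive.
            if target != dest and dest not in target.parents:
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest).as_posix())
    return written, rejected


def demo():
    """Run safe_extract over a constructed archive with one benign and two
    hostile entries; returns the (written, rejected) lists."""
    zip_bytes = build_zip({
        "app/config.xml": b"<server/>",   # legitimate entry
        "../../escaped.txt": b"traversal",  # constructed traversal entry
        "/etc/evil": b"absolute",           # constructed absolute-path entry
    })
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(zip_bytes, tmp)


if __name__ == "__main__":
    written, rejected = demo()
    print("written:", written)
    print("rejected:", rejected)
```

The check is deliberately done on the resolved path rather than by string-matching `..`, because encodings, mixed separators and symlinks already present under the destination can all defeat a textual filter while still being caught by comparing resolved paths. Logging the rejected names, as `safe_extract` returns them, also gives a detection signal: a legitimate deployment archive should never produce any.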
