CVE-2025-14340 - Vulnerability Details - OpenCVE

Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html

History

Wed, 18 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 18 Feb 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
Title		Admin Account Takeover via malicious URL payload
Weaknesses		CWE-79
References		https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:N/R:U/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: Payara

Published: 2026-02-18T13:39:11.316Z

Updated: 2026-02-18T14:09:59.632Z

Reserved: 2025-12-09T14:07:13.242Z

Link: CVE-2025-14340

Vulnrichment

Updated: 2026-02-18T14:09:54.258Z

NVD

Status : Received

Published: 2026-02-18T14:16:00.970

Modified: 2026-02-18T14:16:00.970

Link: CVE-2025-14340

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14340", "assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "state": "PUBLISHED", "assignerShortName": "Payara", "dateReserved": "2025-12-09T14:07:13.242Z", "datePublished": "2026-02-18T13:39:11.316Z", "dateUpdated": "2026-02-18T14:09:59.632Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Payara Server", "vendor": "Payara Platform", "versions": [{"lessThanOrEqual": "4.1.2.191.53", "status": "affected", "version": "4.1.153.1", "versionType": "custom"}, {"lessThanOrEqual": "5.82.0", "status": "affected", "version": "5.20.0", "versionType": "semver"}, {"lessThanOrEqual": "6.33.0", "status": "affected", "version": "6.0.0", "versionType": "semver"}, {"lessThanOrEqual": "7.2025.2", "status": "affected", "version": "7.2024.1.Alpha1", "versionType": "semver"}, {"lessThanOrEqual": "6.2025.11", "status": "affected", "version": "6.2022.1", "versionType": "semver"}, {"lessThanOrEqual": "5.2022.5", "status": "affected", "version": "5.2020.2", "versionType": "semver"}, {"lessThanOrEqual": "5.201.2", "status": "affected", "version": "5.181", "versionType": "semver"}, {"status": "unaffected", "version": "4.1.2.191.54", "versionType": "custom"}, {"status": "unaffected", "version": "5.83.0", "versionType": "semver"}, {"status": "unaffected", "version": "6.34.0", "versionType": "semver"}, {"status": "unaffected", "version": "7.2026.1", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Camilo Galdos <camilo.galdos@deepsecurity.pe>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload."}], "value": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0,\u00a0<6.34.0,\u00a0<7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload."}], "impacts": [{"capecId": "CAPEC-173", "descriptions": [{"lang": "en", "value": "CAPEC-173: Action Spoofing"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.3, "baseSeverity": "HIGH", "exploitMaturity": "UNREPORTED", "privilegesRequired": "HIGH", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:N/R:U/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "shortName": "Payara", "dateUpdated": "2026-02-18T13:39:11.316Z"}, "references": [{"url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "You must upgrade to an unaffected version."}], "value": "You must upgrade to an unaffected version."}], "source": {"discovery": "EXTERNAL"}, "title": "Admin Account Takeover via malicious URL payload", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T14:09:45.635406Z", "id": "CVE-2025-14340", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:09:59.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14340", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-18T14:09:45.635406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T14:09:54.258Z"}}], "cna": {"title": "Admin Account Takeover via malicious URL payload", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Camilo Galdos <camilo.galdos@deepsecurity.pe>"}], "impacts": [{"capecId": "CAPEC-173", "descriptions": [{"lang": "en", "value": "CAPEC-173: Action Spoofing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 7.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:N/R:U/RE:M/U:Red", "exploitMaturity": "UNREPORTED", "providerUrgency": "RED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Payara Platform", "product": "Payara Server", "versions": [{"status": "affected", "version": "4.1.153.1", "versionType": "custom", "lessThanOrEqual": "4.1.2.191.53"}, {"status": "affected", "version": "5.20.0", "versionType": "semver", "lessThanOrEqual": "5.82.0"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.33.0"}, {"status": "affected", "version": "7.2024.1.Alpha1", "versionType": "semver", "lessThanOrEqual": "7.2025.2"}, {"status": "affected", "version": "6.2022.1", "versionType": "semver", "lessThanOrEqual": "6.2025.11"}, {"status": "affected", "version": "5.2020.2", "versionType": "semver", "lessThanOrEqual": "5.2022.5"}, {"status": "affected", "version": "5.181", "versionType": "semver", "lessThanOrEqual": "5.201.2"}, {"status": "unaffected", "version": "4.1.2.191.54", "versionType": "custom"}, {"status": "unaffected", "version": "5.83.0", "versionType": "semver"}, {"status": "unaffected", "version": "6.34.0", "versionType": "semver"}, {"status": "unaffected", "version": "7.2026.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "You must upgrade to an unaffected version.", "supportingMedia": [{"type": "text/html", "value": "You must upgrade to an unaffected version.", "base64": false}]}], "references": [{"url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0,\u00a0<6.34.0,\u00a0<7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.", "supportingMedia": [{"type": "text/html", "value": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "shortName": "Payara", "dateUpdated": "2026-02-18T13:39:11.316Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14340", "state": "PUBLISHED", "dateUpdated": "2026-02-18T14:09:59.632Z", "dateReserved": "2025-12-09T14:07:13.242Z", "assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "datePublished": "2026-02-18T13:39:11.316Z", "assignerShortName": "Payara"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0,\u00a0<6.34.0,\u00a0<7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload."}], "id": "CVE-2025-14340", "lastModified": "2026-02-18T14:16:00.970", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "type": "Secondary"}]}, "published": "2026-02-18T14:16:00.970", "references": [{"source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "url": "https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html"}], "sourceIdentifier": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "769c9ae7-73c3-4e47-ae19-903170fc3eb8", "type": "Secondary"}]}