Vulnerability Description
Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via a URL payload.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-14340?
CVE-2025-14340 is a documented vulnerability. Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via URL Paylo...
How severe is CVE-2025-14340?
CVSS scoring is not yet available for CVE-2025-14340. Check NVD for updates.
Is there a patch for CVE-2025-14340?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.