CVE-2025-14340

Published 18/02/2026 14:16 · Modified 18/02/2026 17:51

Labels: CVE-2025-14340, 2026-02-18, 769c9ae7-73c3-4e47-ae19-903170fc3eb8, CWE-79

Essential information

Published: 18/02/2026 14:16
Modified: 18/02/2026 17:51
Author:
Creator:
CVSS: 7.3 HIGH (v3), 7.3 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via a URL payload.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 769c9ae7-73c3-4e47-ae19-903170fc3eb8

Affected products (CPE)

Product | CPE
payara / payara server | cpe:2.3:a:payara:payara_server:<4.1.2.191.54:*:*:*:*:*:*:*
payara / payara server | cpe:2.3:a:payara:payara_server:<5.83.0:*:*:*:*:*:*:*
payara / payara server | cpe:2.3:a:payara:payara_server:<6.34.0:*:*:*:*:*:*:*
payara / payara server | cpe:2.3:a:payara:payara_server:<7.2026.1:*:*:*:*:*:*:*