CVE-2025-14340

Name: CVE-2025-14340
Creator: NVD / NIST
Published: 2026-02-18T14:16:00.97+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.3/10EPSS 1.00%

Last modified Jun 17, 2026

CVE-2025-14340 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.

Description

Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

Metrics

CVSS 4.0

7.3/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:X/RE:M/U:Red

EPSS Probability

1.00%

58.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

References

https://docs.payara.fish/enterprise/docs/Security/Security%20Fix%20List.html

Timeline

Published: Feb 18, 2026
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-14340?

How severe is CVE-2025-14340?

CVE-2025-14340 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 1.00% probability of exploitation in the next 30 days.

How do I fix CVE-2025-14340?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-14340?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST