CVE-2025-14340
Admin Account Takeover via malicious URL payload
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Cross-site scripting in the REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator into changing the admin password via a URL payload.
| CWE | CWE-79 |
| Vendor | payara platform |
| Product | payara server |
| Published | Feb 18, 2026 |
| Last Updated | Feb 19, 2026 |
Affected Versions
Payara Platform / Payara Server
4.1.153.1 ≤ 4.1.2.191.53
5.20.0 ≤ 5.82.0
6.0.0 ≤ 6.33.0
7.2024.1.Alpha1 ≤ 7.2025.2
6.2022.1 ≤ 6.2025.11
5.2020.2 ≤ 5.2022.5
5.181 ≤ 5.201.2
Credits
🔍 Camilo G. AkA Dédalo [https://x.com/SeguridadBlanca] (DeepSecurity Perú - [https://www.deepsecurity.pe])