CVE-2025-14617
Unknown Unknown - Not Provided
Path Traversal in JW Library Android App Component SiloContainer

Publication date: 2025-12-13

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14617
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jehovahs_witnesses jw_library_app 15.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal issue in the Jehovahs Witnesses JW Library App (up to version 15.5.1) on Android. It affects an unknown function within the component org.jw.jwlibrary.mobile.activity.SiloContainer. An attacker with local access can manipulate the application to traverse directories improperly, potentially accessing files outside the intended scope.

Detection Guidance

Detection of CVE-2025-14617 involves monitoring for suspicious file import activities within the JW Library app, especially intents with ACTION_SEND containing path traversal payloads in the '_display_name' parameter. Since the exploit manipulates file paths to overwrite internal files, checking for unexpected modifications to files such as '/data/data/org.jw.jwlibrary.mobile/shared_prefs/org.jw.jwlibrary.mobile_preferences.xml' can indicate exploitation attempts. Commands to detect this could include using 'adb shell' to check file integrity or monitor logs for suspicious intents. For example, using 'adb shell su -c "ls -l /data/data/org.jw.jwlibrary.mobile/shared_prefs/"' to inspect files, or 'adb logcat | grep org.jw.jwlibrary.mobile' to monitor app logs for unusual activity. Additionally, monitoring for intents with crafted URIs via Android intent monitoring tools could help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the device to prevent exploitation, as the attack requires local access. Since no official patches or countermeasures are documented, it is recommended to avoid using the vulnerable JW Library app version 15.5.1 and replace or update the app once a fixed version is available. Additionally, monitoring and restricting apps that can send intents to the vulnerable component may reduce risk. Applying general Android security best practices such as limiting app permissions and avoiding installation of untrusted applications can also help mitigate exploitation. [2]

Impact Analysis

The vulnerability can lead to unauthorized access to files on the device due to path traversal. This could result in exposure or modification of sensitive data, impacting confidentiality, integrity, and availability of information within the app. However, local access is required to exploit this vulnerability.

Compliance Impact

The provided resources do not explicitly discuss the impact of CVE-2025-14617 on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows arbitrary file overwrite and potential exposure or manipulation of sensitive internal files, it could lead to breaches of confidentiality, integrity, and availability of data. Such breaches may negatively affect compliance with data protection regulations that require safeguarding personal or sensitive information. No direct statements about compliance impact or regulatory consequences are given. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14617. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart