ketr JEPaaS <=7.2.8: Auth Bypass via /je/load
CVE-2025-14088 Published on December 5, 2025
ketr JEPaaS load improper authorization
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 1 day later.
Weakness Types
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-14088 has been classified to as an AuthZ vulnerability or weakness.
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-14088
Want to know whenever a new CVE is published for Ketr Jepaas? stack.watch will email you.
Affected Versions
ketr JEPaaS:- Version 7.2.0 is affected.
- Version 7.2.1 is affected.
- Version 7.2.2 is affected.
- Version 7.2.3 is affected.
- Version 7.2.4 is affected.
- Version 7.2.5 is affected.
- Version 7.2.6 is affected.
- Version 7.2.7 is affected.
- Version 7.2.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.