VYPR
Medium severity 5.3 · NVD Advisory · Published Dec 13, 2025 · Updated Apr 29, 2026

CVE-2025-14617

Description

A vulnerability has been found in the Jehovah's Witnesses JW Library App up to 15.5.1 on Android. It affects an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Manipulation of this function leads to path traversal. The attack requires local access. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in JW Library App for Android up to 15.5.1 allows a malicious app to overwrite arbitrary files, potentially leading to code execution or denial of service.

Vulnerability Overview

The vulnerability resides in the component org.jw.jwlibrary.mobile.activity.SiloContainer of the JW Library App. It stems from insufficient security validation when handling imported files, enabling an attacker to control both the filename and content through path traversal sequences [1]. This allows overwriting of arbitrary files within the app's internal storage.

Exploitation Details

Exploitation requires local access, meaning a malicious app must be installed on the same Android device. The attack is triggered automatically when the victim opens the malicious app, which sends an intent with a crafted URI containing path traversal (e.g., ../...) in the _display_name parameter [1]. No further user interaction is needed.

Impact

Successful exploitation can overwrite critical configuration or executable files, leading to application malfunction, denial of service, or arbitrary code execution [1]. The attacker could modify preferences or other sensitive data, potentially compromising the app's integrity and the user's data.

Mitigation Status

As of the publication date, no official patch has been announced. The vendor has been notified, and the exploit is publicly disclosed [1]. Users should exercise caution with third-party apps and monitor for updates from the vendor.
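For developers whose apps import files from a content URI, the sketch below contrasts joining a provider-supplied _display_name to a directory as-is with a hardened check that accepts only a bare file name and confirms the resolved path stays inside the import directory. It is an added example, not code from JW Library or its vendor; the class name, method names, directory and sample names are assumptions constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public final class ImportTarget {
    // Vulnerable pattern: the provider-supplied name is joined to the directory
    // unchanged, so "../" segments resolve outside importDir.
    static File unsafeTarget(File importDir, String displayName) {
        return new File(importDir, displayName);
    }

    // Hardened pattern: accept a bare file name only, then confirm containment.
    static File safeTarget(File importDir, String displayName) throws IOException {
        if (displayName == null || displayName.isEmpty()
                || displayName.equals(".") || displayName.equals("..")
                || displayName.indexOf('/') >= 0 || displayName.indexOf('\\') >= 0
                || displayName.indexOf('\0') >= 0) {
            throw new IOException("rejected display name");
        }
        File base = importDir.getCanonicalFile();
        File target = new File(base, displayName).getCanonicalFile();
        // Defense in depth: the resolved parent must be the import directory itself.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("resolved path escapes import directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values; the directory and names are placeholders.
        File importDir = new File(System.getProperty("java.io.tmpdir"), "app-files/imports");
        String[] names = { "notes.bin", "../shared_prefs/settings.xml", "..", "a/b.bin" };
        for (String n : names) {
            File unsafe = unsafeTarget(importDir, n).getCanonicalFile();
            String verdict;
            try {
                verdict = "accepted -> " + safeTarget(importDir, n);
            } catch (IOException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(n + "\n  unsafe resolves to: " + unsafe + "\n  safe: " + verdict);
        }
    }
}
```

The same check applies to any name read from another app's content provider, since the sending app controls that value.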

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

References: 4