CVE-2025-62245

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.1 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5

Description A cross-site request forgery (CSRF) issue exists. This allows remote attackers to add and edit publication comments. The affected functionality does not require authentication, potentially enabling unauthorized actions.

Recommendations Update Liferay Portal to a version later than 7.4.3.112. Update Liferay DXP to a version later than 2023.Q3.10. Update Liferay DXP to a version later than 2023.Q4.5.

Fix

IDOR

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-352

Related Identifiers

CVE-2025-62245

GHSA-3CM9-JRF5-H2CX

GHSA-9676-RH83-CR86

Affected Products

Liferay Dxp

Liferay Portal

CVE-2025-62245

Weakness Enumeration

Related Identifiers

Affected Products

References · 14