PT-2025-41793 · Liferay · Liferay Portal+1

Foobar7

Published

2025-10-13

Updated

2025-10-13

CVE-2025-62244

CVSS v4.0

4.8

Medium

Vector

AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5

Description An insecure direct object reference (IDOR) exists in the Publications feature. This allows remotely authenticated attackers to view the edit page of a publication by manipulating the com liferay change tracking web portlet PublicationsPortlet ctCollectionId parameter.

Recommendations Update Liferay Portal to a version later than 7.4.3.111. Update Liferay DXP to a version later than 2023.Q4.5.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-62244

GHSA-2HFJ-JV6Q-762V

Affected Products

Liferay Dxp

Liferay Portal

PT-2025-41793 · Liferay · Liferay Portal+1

CVE-2025-62244

Weakness Enumeration

Related Identifiers

Affected Products

References · 11