CVE-2025-62243

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.1 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP 7.4 GA through update 92

Description An insecure direct object reference (IDOR) issue exists in the Publications feature. This allows remote authenticated attackers to view and edit publication comments via crafted URLs. The issue stems from improper user permission checks. The com liferay change tracking web portlet PublicationsPortlet value parameter is involved in the vulnerability.

Recommendations Update Liferay Portal to a version later than 7.4.3.112. Update Liferay DXP to a version later than 2023.Q4.5. Update Liferay DXP to a version later than 2023.Q3.8. Update Liferay DXP 7.4 to a version later than update 92.