PT-2025-44021 · Liferay · Liferay Portal 7.3 Ga+5
Abderrahmane Bounhidja · Published 2025-10-27 · Updated 2025-10-27 · CVE-2025-62253
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions 7.3 GA through update 35
Liferay Portal versions 7.4.0 through 7.4.3.97
Liferay DXP versions 2023.Q3.1 through 2023.Q3.4
Liferay DXP version 2023.Q4.0
Liferay Portal 7.4 GA through update 92
Description
An open redirect issue exists in page administration functionality. This allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter.
Recommendations
Liferay Portal versions 7.3 GA through update 35: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Liferay Portal versions 7.4.0 through 7.4.3.97: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Liferay DXP versions 2023.Q3.1 through 2023.Q3.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Liferay DXP version 2023.Q4.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Liferay Portal 7.4 GA through update 92: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Liferay Dxp 2023.Q3.1
Liferay Dxp 2023.Q3.4
Liferay Dxp 2023.Q4.0
Liferay Portal 7.3 Ga
Liferay Portal 7.4 Ga
Liferay Portal 7.4.0