CVE-2025-62276

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal 7.4 GA through update 92

Description The Document Library and Adaptive Media modules are affected by an issue where an incorrect cache-control header is used. This can allow local users to access downloaded files through the browser's cache.

Recommendations Liferay Portal versions 7.4.0 through 7.4.3.111 should be updated. Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 should be updated. Liferay Portal 7.4 GA through update 92 should be updated.