CVE-2025-4604
published 2025-08-04CVE-2025-4604: The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through…
medium6.9CVSS 4.0
AVNACHATPPRLUIAVCHVILVANSCHSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | 2024.Q3.0 – 2024.Q3.13 | — |
| liferay | digital_experience_platform | 2024.q1.1 – 2024.q1.19 | — |
| liferay | digital_experience_platform | 2024.q2.0 – 2024.q2.13 | — |
| liferay | digital_experience_platform | 2024.q4.0 – 2024.q4.7 | — |
| liferay | digital_experience_platform | 2025.q1.0 – 2025.q1.15 | — |
| liferay | dxp | 2024.Q1.1 – 2024.Q1.16 | — |
| liferay | dxp | 2024.Q2.0 – 2024.Q2.13 | — |
| liferay | dxp | 2024.Q3.0 – 2024.Q3.13 | — |
| liferay | dxp | 2024.Q4.0 – 2024.Q4.7 | — |
| liferay | dxp | 2025.Q1.0 – 2025.Q1.15 | — |
| liferay | dxp | 7.4.13-u80 – 7.4.13-u92 | — |
| liferay | liferay_portal | 7.4.3.80 – 7.4.3.132 | — |
| liferay | portal | 7.4.0 – 7.4.3.132 | — |