CVE-2025-62250Origin Validation Error in Digital Experience Platform

CWE-346Origin Validation Error4 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 94.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Liferay Digital Experience PlatformLiferay PortalLiferay DXP+1 more
Timeline
PublishedOct 21

Description

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versio

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

NVDliferay/liferay_portal7.0.07.4.3.132
CVEListV5liferay/portal7.4.07.4.3.132
NVDliferay/digital_experience_platform2023.q3.12023.q3.5+5
CVEListV5liferay/dxp7.3.107.3.10-u35+3

🔴Vulnerability Details

3
GHSA
Liferay Portal fails to verify messages from the cluster network is trusted2025-10-21
CVEList
CVE-2025-62250: Improper Authentication in Liferay Portal 72025-10-21
OSV
Liferay Portal fails to verify messages from the cluster network is trusted2025-10-21
CVE-2025-62250 — Origin Validation Error | cvebase