CVE-2025-62251

Severity
4.8 MEDIUM
EPSS
0.0%
top 88.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 13
Latest update: Oct 14

Description

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA through update 36 show content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in sensitive information being exposed to unauthorized users.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages: 5 packages

NVD | liferay/liferay_portal | 7.3.0 | 7.4.3.119
CVEListV5 | liferay/portal | 7.3.0 | 7.4.3.119
NVD | liferay/digital_experience_platform | 2023.q3.1 | 2023.q3.9 | +2
CVEListV5 | liferay/dxp | 7.3.10 | 7.3.10-u36 | +3

Vulnerability Details: 3

OSV | Liferay has Incorrect Permission Assignment for Critical Resource | 2025-10-14
GHSA | Liferay has Incorrect Permission Assignment for Critical Resource | 2025-10-14
CVEList | CVE-2025-62251: Liferay Portal 7 | 2025-10-13