CVE-2025-62253

CWE-601 — Open Redirect4 documents4 sources

Severity

6.9MEDIUM

EPSS

0.0%

top 88.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay Digital Experience Platform Liferay Liferay Portal Liferay DXP +1 more

Timeline

PublishedOct 27

Description

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

▶NVDliferay/liferay_portal7.4.0 — 7.4.3.98+1

▶CVEListV5liferay/portal7.4.0 — 7.4.3.97

▶NVDliferay/digital_experience_platform< 7.3+6

▶Mavencom.liferay:com.liferay.layout.admin.web5.0.8 — 5.0.157

▶CVEListV5liferay/dxp7.3.10 — 7.3.10-u35+2

🔴Vulnerability Details

OSV

Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter↗2025-10-27

▶

GHSA

Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter↗2025-10-27

▶

CVEList

CVE-2025-62253: Open redirect vulnerability in page administration in Liferay Portal 7↗2025-10-27

▶