CVE-2025-62259
published 2025-10-27CVE-2025-62259: Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through…
medium6.9CVSS 4.0
AVNACLATNPRNUINVCLVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | <= 7.0 | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | dxp | 2023.Q3.1 – 2023.Q3.4 | — |
| liferay | dxp | 7.3.10 – 7.3.10-u35 | — |
| liferay | dxp | 7.4.13 – 7.4.13-u92 | — |
| liferay | liferay_portal | < 7.4.3.110 | 7.4.3.110 |
| liferay | portal | 7.4.0 – 7.4.3.109 | — |