CVE-2025-4604
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-04

Last updated on: 2025-12-15

Assigner: Liferay Inc.

Description
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-04
Last Modified
2025-12-15
Generated
2026-05-06
AI Q&A
2025-08-05
EPSS Evaluated
2026-05-05
NVD
CVE-2025-4604
Affected Vendors & Products
Showing 20 associated CPEs
Vendor Product Version / Range
liferay digital_experience_platform From 2024.q1.1 (inc) to 2024.q1.19 (inc)
liferay digital_experience_platform From 2024.q2.0 (inc) to 2024.q2.13 (inc)
liferay digital_experience_platform From 2024.Q3.0 (inc) to 2024.Q3.13 (inc)
liferay digital_experience_platform From 2024.q4.0 (inc) to 2024.q4.7 (inc)
liferay digital_experience_platform From 2025.q1.0 (inc) to 2025.q1.15 (inc)
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay digital_experience_platform 7.4
liferay liferay_portal From 7.4.3.80 (inc) to 7.4.3.132 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability allows attackers to bypass the Captcha check in specific versions of Liferay Portal and Liferay DXP. By exploiting this, attackers can run scripts in the Gogo shell, potentially gaining unauthorized access or control.


How can this vulnerability impact me? :

The impact of this vulnerability includes the possibility for attackers to bypass security measures like Captcha, enabling them to execute scripts in the Gogo shell. This can lead to unauthorized actions, potential system compromise, or further exploitation within affected Liferay Portal and DXP environments.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart