CVE-2025-62245
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-12-12
Assigner: Liferay Inc.
Description
Description
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | From 2023.Q3.1 (inc) to 2023.Q3.10 (inc) |
| liferay | digital_experience_platform | From 2023.q4.0 (inc) to 2023.q4.6 (exc) |
| liferay | digital_experience_platform | 7.4 |
| liferay | liferay_portal | From 7.4.1 (inc) to 7.4.3.113 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-site request forgery (CSRF) issue in certain versions of Liferay Portal and Liferay DXP. It allows remote attackers to perform unauthorized actions, specifically to add and edit publication comments, by tricking authenticated users into submitting unwanted requests.
How can this vulnerability impact me? :
The vulnerability can allow attackers to manipulate publication comments without authorization, potentially leading to misinformation, defacement, or unauthorized content changes on affected Liferay Portal or DXP instances.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70