CVE-2025-62251
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-12-12
Assigner: Liferay Inc.
Description
Description
Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in sensitive information being exposed to unauthorized users.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | to 7.4 (inc) |
| liferay | digital_experience_platform | From 2023.q3.1 (inc) to 2023.q3.9 (exc) |
| liferay | digital_experience_platform | From 2023.q4.0 (inc) to 2023.q4.6 (exc) |
| liferay | liferay_portal | From 7.3.0 (inc) to 7.4.3.119 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Liferay Portal and Liferay DXP allows the Menu Display Widget to show content to users who do not have permission to view it. Essentially, unauthorized users can see sensitive information that should be restricted.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information to unauthorized users, which may result in data breaches, loss of confidentiality, and potential harm to your organization's reputation and security posture.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70