CVE-2025-62276
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-01

Last updated on: 2025-11-10

Assigner: Liferay Inc.

Description
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-01
Last Modified
2025-11-10
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-62276
Affected Vendors & Products
Showing 23 associated CPEs
Vendor Product Version / Range
liferay digital_experience_platform 7.4
liferay digital_experience_platform 2023.q3.1
liferay digital_experience_platform 2023.q3.2
liferay digital_experience_platform 2023.q3.3
liferay digital_experience_platform 2023.q3.4
liferay digital_experience_platform 2023.q3.5
liferay digital_experience_platform 2023.q3.6
liferay digital_experience_platform 2023.q3.7
liferay digital_experience_platform 2023.q3.8
liferay digital_experience_platform 2023.q3.9
liferay digital_experience_platform 2023.q3.10
liferay digital_experience_platform 2023.q4.0
liferay digital_experience_platform 2023.q4.1
liferay digital_experience_platform 2023.q4.2
liferay digital_experience_platform 2023.q4.3
liferay digital_experience_platform 2023.q4.4
liferay digital_experience_platform 2023.q4.5
liferay digital_experience_platform 2023.q4.6
liferay digital_experience_platform 2023.q4.7
liferay digital_experience_platform 2023.q4.8
liferay digital_experience_platform 2023.q4.9
liferay digital_experience_platform 2023.q4.10
liferay liferay_portal From 7.4.0 (inc) to 7.4.3.112 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-525 The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Document Library and Adaptive Media modules in certain versions of Liferay Portal and Liferay DXP. These modules incorrectly set the Cache-Control HTTP header for file downloads by not using a private Cache-Control directive. As a result, local users can access downloaded files through the browser's cache, potentially exposing sensitive data. [1]

Impact Analysis

The vulnerability allows local users to access downloaded files via the browser's cache, which can lead to unintended exposure of sensitive or confidential information stored in those files. This could compromise data privacy and security on affected systems. [1]

Detection Guidance

This vulnerability can be detected by checking if the affected Liferay Portal or DXP versions are in use and verifying the Cache-Control HTTP headers for file downloads from the Document Library and Adaptive Media modules. Specifically, you should look for Cache-Control headers that do not include the 'private' directive, which indicates the vulnerability. You can use tools like curl or browser developer tools to inspect these headers. For example, a command to check the header might be: curl -I https://your-liferay-instance/path-to-downloaded-file and look for the Cache-Control header in the response. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading affected Liferay Portal and DXP installations to fixed versions: Liferay Portal 7.4.3.112 or later, and Liferay DXP 2024.Q1.1 or later. Until upgrades can be applied, restrict local user access to systems where downloads occur, and consider clearing browser caches regularly to prevent unauthorized access to cached files. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62276. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart