Path Traversal Vulnerability in Liferay Portal and DXP
CVE-2025-3594
What is CVE-2025-3594?
A path traversal vulnerability exists in Liferay Portal and DXP versions 7.0.0 through 7.4.3.4. It allows remote attackers to manipulate files on the server. By exploiting the _com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName parameter, attackers can upload files to unauthorized locations and potentially download arbitrary files from a remote server. Administrators should apply patches or update to a secure version to mitigate this vulnerability.
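A log check for traversal values in the parameter named above, added here as an example (it is not Liferay code or part of the advisory). It assumes the parameter shows up in the request line of a combined-format access log; the log lines, paths and file names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName"
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the URL path is a placeholder, not a real Liferay route.
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "POST /constructed/path?{PARAM}=driver.jar HTTP/1.1" 200 512',
    f'10.0.0.9 - - [01/Jan/2025:10:01:00 +0000] "POST /constructed/path?{PARAM}=..%2F..%2Fwebapps%2Fx.jar HTTP/1.1" 200 512',
    f'10.0.0.9 - - [01/Jan/2025:10:02:00 +0000] "POST /constructed/path?{PARAM}=%252e%252e%252fx.jar HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2025:10:03:00 +0000] "GET /constructed/other?q=..%2Fdocs HTTP/1.1" 200 128',
]

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value has a '..' path segment or is an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:/", path):
        return True
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged jarName value."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qsl decodes one layer; fully_decode handles nested encoding.
        for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((n, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: jarName={value!r}")
```

Requests that carry the parameter in a POST body will not appear in a standard access log, so the same `is_traversal` check would need to run on request-body data from a WAF or reverse proxy.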

Affected Version(s)
DXP 6.2.0
DXP 7.0.10
DXP 7.1.10
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved