CSRF Vulnerability in Liferay Portal and Liferay DXP
CVE-2025-62245
5.1MEDIUM
What is CVE-2025-62245?
A Cross-Site Request Forgery (CSRF) vulnerability exists in Liferay Portal versions 7.4.1 to 7.4.3.112 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.5, as well as other specified versions. This weakness enables remote attackers to exploit user sessions, allowing unauthorized actions such as adding or editing publication comments without user consent. It is crucial to apply mitigation strategies to protect environments running these affected versions.
Affected Version(s)
DXP 7.4.13 <= 7.4.13-u92
DXP 2023.Q3.1 <= 2023.Q3.10
DXP 2023.Q4.0 <= 2023.Q4.5