Missing Authorization Vulnerability in Liferay Portal and DXP
CVE-2025-62247

2LOW

Key Information:

Vendor

Liferay
Status
Portal
Dxp
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62247?

A vulnerability in the Collection Provider component of Liferay Portal and DXP allows unauthorized instance users to access and select Blueprints across different instances. This flaw spans multiple versions, making it crucial for users to maintain updated environments and implement appropriate access controls.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DXP 2024.Q1.1 <= 2024.Q1.19

DXP 2024.Q2.0 <= 2024.Q2.13

DXP 2024.Q3.1 <= 2024.Q3.13

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.