Missing Authorization Vulnerability in Liferay Portal and DXP
CVE-2025-62247

2LOW

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-62247?

A vulnerability in the Collection Provider component of Liferay Portal and DXP allows unauthorized instance users to access and select Blueprints across different instances. This flaw spans multiple versions, making it crucial for users to maintain updated environments and implement appropriate access controls.

Affected Version(s)

DXP 2024.Q1.1 <= 2024.Q1.19

DXP 2024.Q2.0 <= 2024.Q2.13

DXP 2024.Q3.1 <= 2024.Q3.13

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Oct 9, 2025

JSON