Information Disclosure Vulnerability in Liferay Portal and DXP
CVE-2025-62251
4.8MEDIUM
What is CVE-2025-62251?
A vulnerability exists in Liferay Portal and Liferay DXP that allows unauthorized users to access restricted content through the Menu Display Widget. This issue affects specific versions, potentially exposing sensitive information to individuals without the necessary permissions. It is crucial for organizations using affected versions to apply available security patches to protect against unauthorized information disclosure.
Affected Version(s)
DXP 7.3.10 <= 7.3.10-u36
DXP 7.4.13 <= 7.4.13-u92
DXP 2023.Q3.1 <= 2023.Q3.8
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved