Information Disclosure Vulnerability in Liferay Portal and DXP
CVE-2025-62251

4.8MEDIUM

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-62251?

A vulnerability exists in Liferay Portal and Liferay DXP that allows unauthorized users to access restricted content through the Menu Display Widget. This issue affects specific versions, potentially exposing sensitive information to individuals without the necessary permissions. It is crucial for organizations using affected versions to apply available security patches to protect against unauthorized information disclosure.

Affected Version(s)

DXP 7.3.10 <= 7.3.10-u36

DXP 7.4.13 <= 7.4.13-u92

DXP 2023.Q3.1 <= 2023.Q3.8

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Oct 9, 2025

JSON