Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2025-62254 - Vulnerability Database
Liferay Portal

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2025-62254

High
Reference: CVE-2025-62254
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62254
Title: Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 2023.Q4.2 2023.Q3.1 through 2023.Q3.5 7.4 GA through update 92 7.3 GA through update 35 and older unsupported versions does not limit the number or size of the files it will combine which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.