Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay Portal Incorrect Authorization Vulnerability - CVE-2025-62275 - Vulnerability Database
Liferay Portal

Liferay Portal Incorrect Authorization Vulnerability - CVE-2025-62275

Medium
Reference: CVE-2025-62275
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62275
Title: Liferay Portal Incorrect Authorization Vulnerability
Overview:

Blogs in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 2023.Q4.10 2023.Q3.1 through 2023.Q3.10 7.4 GA through update 92 and older unsupported versions does not check permission of images in a blog entry which allows remote attackers to view the images in a blog entry via crafted URL.