Liferay Portal Missing Authorization Vulnerability - CVE-2025-62247

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q2.0 through 2025.Q2.9 2025.Q1.0 through 2025.Q1.16 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.19 allows instance users to read and select unauthorized Blueprints through the Collection Providers across instances.