Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-62261 - Vulnerability Database
Liferay DXP

Liferay DXP Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-62261

Medium
Reference: CVE-2025-62261
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62261
Title: Liferay DXP Cleartext Storage of Sensitive Information Vulnerability
Overview:

Liferay Portal 7.4.0 through 7.4.3.99 and older unsupported versions and Liferay DXP 2023.Q3.1 through 2023.Q3.4 7.4 GA through update 92 7.3 GA through update 34 and older unsupported versions stores password reset tokens in plain text which allows attackers with access to the database to obtain the token reset a users password and take over the users account.