Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Incorrect Authorization Vulnerability - CVE-2025-62275 - Vulnerability Database
Liferay DXP

Liferay DXP Incorrect Authorization Vulnerability - CVE-2025-62275

Medium
Reference: CVE-2025-62275
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62275
Title: Liferay DXP Incorrect Authorization Vulnerability
Overview:

Blogs in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 2023.Q4.10 2023.Q3.1 through 2023.Q3.10 7.4 GA through update 92 and older unsupported versions does not check permission of images in a blog entry which allows remote attackers to view the images in a blog entry via crafted URL.