Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2025-62251 - Vulnerability Database
Liferay DXP

Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2025-62251

Medium
Reference: CVE-2025-62251
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62251
Title: Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability
Overview:

Liferay Portal 7.3.0 through 7.4.3.119 and Liferay DXP 2023.Q3.1 through 2023.Q3.8 2023.Q4.0 through 2023.Q4.5 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in sensitive information being exposed to unauthorized users.