Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Missing Authorization Vulnerability - CVE-2025-62256 - Vulnerability Database
Liferay DXP

Liferay DXP Missing Authorization Vulnerability - CVE-2025-62256

Medium
Reference: CVE-2025-62256
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-62256
Title: Liferay DXP Missing Authorization Vulnerability
Overview:

Liferay Portal 7.4.0 through 7.4.3.109 and Liferay DXP 2023.Q4.0 through 2023.Q4.5 2023.Q3.1 through 2023.Q3.7 7.4 GA through update 92 7.3 GA through update 35 and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances which allows remote attackers to access the OpenAPI YAML file via a crafted URL.