Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability - CVE-2025-4581 - Vulnerability Database
Liferay DXP

Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability - CVE-2025-4581

High
Reference: CVE-2025-4581
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-4581
Title: Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability
Overview:

Liferay Portal 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.4 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.15 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems potentially leading to internal network enumeration or further exploitation.