CVE-2025-3602

Опубликовано: 16 июн. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3602
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2023.q3.1 (включая) до 2023.q3.2 (включая)

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3.97 (включая)

EPSS

Процентиль: 31%

0.00118

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-8c26-xm99-53w7

github

8 месяцев назад

Liferay Portal does not limit the depth of a GraphQL queries