CVE-2025-62275

Опубликовано: 01 нояб. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers to view the images in a blog entry via crafted URL.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62275
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.5:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.6:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.7:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.8:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.9:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.10:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.0:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.1:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.2:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.3:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.4:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.5:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.6:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.7:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.8:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.9:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.10:*:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3.112 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-xf7m-v66q-76w8