GSA_kwCzR0hTQS05ZmNnLXdycDgtcWhyNM4ABFwV

Moderate CVSS: 5.1 EPSS: 0.00088% (0.25996 Percentile) EPSS:

Permalink JSON

Liferay Portal and Liferay DXP Reveals Data via Forms

Affected Packages	Affected Versions	Fixed Versions
maven:com.liferay.portal:release.dxp.bom	>= 2023.Q3.1, <= 2023.Q3.10, >= 2023.Q4.0, <= 2023.Q4.10, >= 2024.Q1.1, < 2024.Q1.13, >= 2024.Q2.0, <= 2024.Q2.12, >= 2024.Q3.0, < 2024.Q3.1	, , 2024.Q1.13, , 2024.Q3.1
0 Dependent packages 2 Dependent repositories Affected Version Ranges All affected versions 7.1.10, 7.2.1, 7.2.10, 7.3.10, 7.4.11, 7.4.12, 7.4.13 All unaffected versions
maven:com.liferay.portal:release.portal.bom	>= 7.4.0, < 7.4.3.129	7.4.3.129
5 Dependent packages 33 Dependent repositories Affected Version Ranges All affected versions 7.4.0, 7.4.1, 7.4.2 All unaffected versions 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.

References:

Identifiers

GHSA-9fcg-wrp8-qhr4

CVE-2025-2565

Risk

Severity

Moderate

CVSS

CVSS Score: 5.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS

EPSS Percentage: 0.00088

EPSS Percentile: 0.25996

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

6 months ago

Updated

6 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories