Description
Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions store password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.
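The usual defence against this class of flaw is to persist only a digest of the reset token, so that a value read from the database cannot be presented as a token. The following is an added example, not Liferay's code or its fix; the `ResetTokenStore` class, the table layout and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for this example


def _digest(token: str) -> str:
    # A fast hash is enough only because the token is 256 bits of CSPRNG
    # output; this is not how passwords should be hashed.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """Hypothetical store; table and column names are illustrative."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS reset_token (token_sha256 TEXT PRIMARY KEY,"
            " user_id INTEGER NOT NULL, expires_at REAL NOT NULL)"
        )

    def issue(self, user_id: int, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        with self.conn:  # one outstanding token per user, digest only
            self.conn.execute("DELETE FROM reset_token WHERE user_id = ?", (user_id,))
            self.conn.execute(
                "INSERT INTO reset_token VALUES (?, ?, ?)",
                (_digest(token), user_id, now + TOKEN_TTL_SECONDS),
            )
        return token  # delivered to the user, never written to the database

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[int]:
        now = time.time() if now is None else now
        key = (_digest(token),)
        with self.conn:
            row = self.conn.execute(
                "SELECT user_id, expires_at FROM reset_token WHERE token_sha256 = ?", key
            ).fetchone()
            # Single use: the row is removed on first presentation, expired or not.
            self.conn.execute("DELETE FROM reset_token WHERE token_sha256 = ?", key)
        if row is None:
            return None
        user_id, expires_at = row
        return user_id if now <= expires_at else None
```

With this layout, someone who can read the `reset_token` table sees only digests, and submitting a digest to `redeem` fails because it is hashed again before the lookup.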
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)
Squid Improper Privilege Management Vulnerability (CVE-2019-12522)
WordPress Plugin Gettext override translations Cross-Site Scripting (1.0.1)
MySQL CVE-2024-21193 Vulnerability (CVE-2024-21193)
Drupal Core 7.x Multiple Cross-Site Scripting Vulnerabilities (7.0 - 7.85)