Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-62259)

Description

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API.

Remediation

References

Related Vulnerabilities

WordPress Plugin Extra User Details Privilege Escalation (0.4.2)

WordPress Plugin WP Custom Fields Search Cross-Site Scripting (1.2.34)

WordPress 6.0.x Multiple Vulnerabilities (6.0 - 6.0.1)

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4097)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-27100)

Severity

Medium

Classification

CVE-2025-62259 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities