Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay DXP Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)

Description

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

Remediation

References

Related Vulnerabilities

WordPress Plugin YARPP-Yet Another Related Posts SQL Injection (5.30.2)

WebLogic Out-of-bounds Write Vulnerability (CVE-2020-36518)

PHP Improper Input Validation Vulnerability (CVE-2016-4538)

Oracle JRE CVE-2012-0497 Vulnerability (CVE-2012-0497)

WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)

Severity

Medium

Classification

CVE-2025-62276 CWE-525 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities