Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-62261)

Description

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.

Remediation

References

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-1409)

Moodle CVE-2024-33996 Vulnerability (CVE-2024-33996)

WordPress Plugin Check & Log Email Cross-Site Scripting (0.3)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.3)

WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)

Severity

Medium

Classification

CVE-2025-62261 CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities