Description

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions that will treat it as trusted data via unauthenticated cluster messages.

Remediation

References

CVE-2025-62250

Related Vulnerabilities

Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2026-7666)

WordPress Plugin Crelly Slider Multiple Unspecified Vulnerabilities (1.1.1)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4576)

WordPress Plugin ToolBar to Share Cross-Site Request Forgery (2.0)

Severity

Medium

Classification

CVE-2025-62250 CWE-346 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities