Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)

Description

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

Remediation

References

Related Vulnerabilities

WordPress Plugin Double Opt-In for Download SQL Injection (2.0.8)

WordPress Plugin OMGF-Host Google Fonts Locally Multiple Vulnerabilities (4.5.3)

WordPress Plugin ProPlayer SQL Injection (4.7.9.1)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-14174)

ownCloud Improper Access Control Vulnerability (CVE-2014-2048)

Severity

Medium

Classification

CVE-2025-62276 CWE-525 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities