CVE-2025-62242

Medium CVSS: 5.3

Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses from a different account via the _com_liferay_account_admin_web_internal_portlet_AccountEntriesAdminPortlet_addressId parameter.

Vendor

Liferay

Product

Digital Experience Platform

CWE

CWE-639

Yayın Tarihi

2025-10-13 20:15:34

Güncelleme

2025-11-07 19:11:06

Source Identifier

security@liferay.com

KEV Date Added

Kategoriler

CWE-639 Digital Experience Platform MEDIUM Liferay 2025

Referanslar

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245

Benzer Kayıtlar

Medium

CVE-2025-62275

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.…

Medium

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported ver…

Medium

CVE-2025-62267

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.…

Medium

CVE-2025-62264

Reflected cross-site scripting (XSS) vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, an…

Medium

CVE-2025-62265

Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupp…

Medium

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 20…