CVE-2025-62275
Essential information
- Published
- 01/11/2025 03:15
- Modified
- 10/11/2025 16:20
- Author
- —
- Creator
- —
- CVSS
- 6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- LOW
- Confidentiality (S)
- NONE
- Integrity (V)
- NONE
- Integrity (S)
- NONE
- Availability (V)
- NONE
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers to view the images in a blog entry via crafted URL.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.5:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.6:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.7:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.8:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.9:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q3.10:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.0:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.1:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.2:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.3:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.4:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.5:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.6:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.7:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.8:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.9:*:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023.q4.10:*:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |