Security Listings

LIferay DXP 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay Portal 6.2 CE Liferay Portal 7.0 Liferay Portal 7.1 Liferay Portal 7.2 Liferay Portal 7.3 Liferay Portal 7.4

8.6

CVE-2025-3594 DoS vulnerability with SessionClicks

Description

Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal and Liferay DXP allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter.

Severity

8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Affected Version(s)

Liferay Portal 7.0.0 through 7.4.3.4
Liferay DXP 7.3 GA through Update 34
Liferay DXP 7.2
Liferay DXP 7.1
Liferay DXP 7.0
Liferay Portal 6.2 EE

Fixed Version(s)

Liferay Portal 7.4.3.5-ga5
Liferay DXP 7.3 Update 35

CVE-2025-3594

Publication Date:

أكتوبر ٧, ٢٠٢٤

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn How >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn How >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn How >

Community

Company

Feedback