CVE-2025-2565 Exposure of data through form entry to unauthorized users - Liferay

CVE-2025-2565 Exposure of data through form entry to unauthorized users

Description

The data exposure vulnerability in Liferay Portal and Liferay DXP allows an unauthorized user to obtain entry data from forms.

Severity

5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N)

Affected Version(s)

Liferay Portal 7.4.0 through 7.4.3.128
Liferay DXP 2024.Q2.0 through 2024.Q2.12
Liferay DXP 2024.Q1.1 through 2024.Q1.12
Liferay DXP 2023.Q4.0 through 2023.Q4.10
Liferay DXP 2023.Q3.1 through 2023.Q3.10
Liferay DXP 7.4 GA through update 92

Fixed Version(s)

Liferay Portal 7.4.3.129
Liferay DXP 2024.Q4.0
Liferay DXP 2024.Q3.1
Liferay DXP 2024.Q1.13

Publication date: Wed, 11 Dec 2024 19:01:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.