CVE-2025-62242

EPSS 0.04%
Veröffentlicht 13.10.2025 19:10:30
Zuletzt bearbeitet 07.11.2025 19:11:06
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses from a different account via the _com_liferay_account_admin_web_internal_portlet_AccountEntriesAdminPortlet_addressId parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.4

Liferay ≫ Digital Experience Platform Version2023.q3.1

Liferay ≫ Digital Experience Platform Version2023.q3.2

Liferay ≫ Digital Experience Platform Version2023.q3.3

Liferay ≫ Digital Experience Platform Version2023.q3.4

Liferay ≫ Digital Experience Platform Version2023.q3.5

Liferay ≫ Digital Experience Platform Version2023.q3.6

Liferay ≫ Digital Experience Platform Version2023.q3.7

Liferay ≫ Digital Experience Platform Version2023.q3.8

Liferay ≫ Digital Experience Platform Version2023.q3.9

Liferay ≫ Digital Experience Platform Version2023.q3.10

Liferay ≫ Digital Experience Platform Version2023.q4.1

Liferay ≫ Digital Experience Platform Version2023.q4.2

Liferay ≫ Digital Experience Platform Version2023.q4.3

Liferay ≫ Digital Experience Platform Version2023.q4.4

Liferay ≫ Digital Experience Platform Version2023.q4.5

Liferay ≫ Liferay Portal Version >= 7.4.1 < 7.4.3.112

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@liferay.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-62242

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62242

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62242

EUVD