CVE-2025-3594

🗓️ 16 Jun 2025 14:13:54Reported by LiferayType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 41 Views

Path traversal vulnerability in Xuggler affects Liferay Portal allowing remote file access and execution.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2025-3594	16 Jun 202515:15	–	attackerkb
Circl	CVE-2025-3594	16 Jun 202514:38	–	circl
CNNVD	Liferay Portal和Liferay DXP 路径遍历漏洞	16 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-3594	16 Jun 202514:13	–	cvelist
EUVD	EUVD-2025-18408	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler	16 Jun 202515:32	–	github
NVD	CVE-2025-3594	16 Jun 202515:15	–	nvd
OSV	CVE-2025-3594	16 Jun 202515:15	–	osv
OSV	GHSA-P73J-GPCQ-49H8 Liferay Portal path traversal vulnerability with the downloading and installation of Xuggler	16 Jun 202515:32	–	osv
Positive Technologies	PT-2025-25557 · Liferay +1 · Liferay Portal +2	16 Jun 202500:00	–	ptsecurity

NVD

Vulners

Node

liferay digital_experience_platformRange7.0–7.2

liferay digital_experience_platformMatch7.3-

liferay digital_experience_platformMatch7.3update1

liferay digital_experience_platformMatch7.3update10

liferay digital_experience_platformMatch7.3update11

liferay digital_experience_platformMatch7.3update12

liferay digital_experience_platformMatch7.3update13

liferay digital_experience_platformMatch7.3update14

liferay digital_experience_platformMatch7.3update15

liferay digital_experience_platformMatch7.3update16

liferay digital_experience_platformMatch7.3update17

liferay digital_experience_platformMatch7.3update19

liferay digital_experience_platformMatch7.3update2

liferay digital_experience_platformMatch7.3update20

liferay digital_experience_platformMatch7.3update21

liferay digital_experience_platformMatch7.3update22

liferay digital_experience_platformMatch7.3update23

liferay digital_experience_platformMatch7.3update24

liferay digital_experience_platformMatch7.3update25

liferay digital_experience_platformMatch7.3update3

liferay digital_experience_platformMatch7.3update4

liferay digital_experience_platformMatch7.3update5

liferay digital_experience_platformMatch7.3update6

liferay digital_experience_platformMatch7.3update7

liferay digital_experience_platformMatch7.3update8

liferay digital_experience_platformMatch7.3update9

liferay digital_experience_platformMatch7.4update1

liferay digital_experience_platformMatch7.4update2

liferay digital_experience_platformMatch7.4update3

liferay digital_experience_platformMatch7.4update4

liferay digital_experience_platformMatch7.4update5

liferay digital_experience_platformMatch7.4update6

liferay digital_experience_platformMatch7.4update7

liferay digital_experience_platformMatch7.4update8

liferay digital_experience_platformMatch7.4update9

liferay liferay_portalRange7.0.0–7.4.3.4

liferay liferay_portalMatch6.2-enterprise

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.4",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "portal-173",
        "status": "affected",
        "version": "6.2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "de-102",
        "status": "affected",
        "version": "7.0.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "dxp-28",
        "status": "affected",
        "version": "7.1.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "dxp-20",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10-u34",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3594

12 Dec 2025 20:07Current

7.9High risk

Vulners AI Score7.9

CVSS 3.19.8

CVSS 48.6

EPSS0.01593

SSVC

CWE-22