CVE-2025-3639

🗓️ 18 Aug 2025 16:48:41Reported by LiferayType

cve🔗 web.nvd.nist.gov👁 24 Views🌐 WEB

CVE-2025-3639: Liferay Portal and DXP allow login bypass by switching POST to GET when MFA enabled.

Reporter	Title	Published	Views	Family All 14
GithubExploit	Exploit for CVE-2025-3639	13 Sep 202503:09	–	githubexploit
Circl	CVE-2025-3639	17 Sep 202521:02	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	18 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-3639	18 Aug 202516:48	–	cvelist
EUVD	EUVD-2025-25127	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal Login Bypass Vulnerability	18 Aug 202518:30	–	github
Tenable Nessus	Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities	7 Aug 202500:00	–	nessus
NVD	CVE-2025-3639	18 Aug 202517:15	–	nvd
OSV	GHSA-G4WG-MPFG-X2Q6 Liferay Portal Login Bypass Vulnerability	18 Aug 202518:30	–	osv
Positive Technologies	PT-2025-33670 · Liferay · Liferay Portal +1	18 Aug 202500:00	–	ptsecurity

Vulners

Node

liferay portalRange7.3.0–7.4.3.132

liferay digital_experience_platformRange7.3.10–7.3.10-u36

liferay digital_experience_platformRange7.4.13–7.4.13-u92

liferay digital_experience_platformRange2024.Q1.1–2024.Q1.15

liferay digital_experience_platformRange2024Q2.0–2023.Q2.13

liferay digital_experience_platformRange2024.Q3.1–2024.Q3.13

liferay digital_experience_platformRange2024.Q4.0–2024.Q4.7

liferay digital_experience_platformRange2025.Q1.0–2025.Q1.6

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.132",
        "status": "affected",
        "version": "7.3.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.3.10-u36",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.4.13-u92",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q1.15",
        "status": "affected",
        "version": "2024.Q1.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.Q2.13",
        "status": "affected",
        "version": "2024Q2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q3.13",
        "status": "affected",
        "version": "2024.Q3.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q4.7",
        "status": "affected",
        "version": "2024.Q4.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2025.Q1.6",
        "status": "affected",
        "version": "2025.Q1.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639

Parameter	Position	Path	Description	CWE
p_auth	query param	/c/portal/login	PoC demonstrates bypassing MFA by converting a login POST to a GET request on the Liferay login endpoint.	CWE-288
login	query param	/c/portal/login	PoC demonstrates bypassing MFA by converting a login POST to a GET request on the Liferay login endpoint.	CWE-288
password	query param	/c/portal/login	PoC demonstrates bypassing MFA by converting a login POST to a GET request on the Liferay login endpoint.	CWE-288

15 Apr 2026 00:35Current

7.2High risk

Vulners AI Score7.2

CVSS 42

EPSS0.00044

SSVC

CWE-288