CVE-2025-62275

🗓️ 01 Nov 2025 02:42:50Reported by LiferayType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 7 Views

CVE-2025-62275 allows viewing blog entry images without permission in certain Liferay Portal and Liferay DXP versions.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2025-62275	1 Nov 202503:58	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	1 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-62275	1 Nov 202502:42	–	cvelist
EUVD	EUVD-2025-37410	1 Nov 202503:30	–	euvd
Github Security Blog	Liferay Portal and DXP do not check permissions of images in a blog entry	1 Nov 202503:30	–	github
NVD	CVE-2025-62275	1 Nov 202503:15	–	nvd
OSV	CVE-2025-62275	1 Nov 202503:15	–	osv
OSV	GHSA-XF7M-V66Q-76W8 Liferay Portal and DXP do not check permissions of images in a blog entry	1 Nov 202503:30	–	osv
Positive Technologies	PT-2025-44699	1 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-62275	2 Nov 202502:55	–	redhatcve

NVD

Vulners

Node

liferay digital_experience_platformMatch7.4

liferay digital_experience_platformMatch2023.q3.1

liferay digital_experience_platformMatch2023.q3.2

liferay digital_experience_platformMatch2023.q3.3

liferay digital_experience_platformMatch2023.q3.4

liferay digital_experience_platformMatch2023.q3.5

liferay digital_experience_platformMatch2023.q3.6

liferay digital_experience_platformMatch2023.q3.7

liferay digital_experience_platformMatch2023.q3.8

liferay digital_experience_platformMatch2023.q3.9

liferay digital_experience_platformMatch2023.q3.10

liferay digital_experience_platformMatch2023.q4.0

liferay digital_experience_platformMatch2023.q4.1

liferay digital_experience_platformMatch2023.q4.2

liferay digital_experience_platformMatch2023.q4.3

liferay digital_experience_platformMatch2023.q4.4

liferay digital_experience_platformMatch2023.q4.5

liferay digital_experience_platformMatch2023.q4.6

liferay digital_experience_platformMatch2023.q4.7

liferay digital_experience_platformMatch2023.q4.8

liferay digital_experience_platformMatch2023.q4.9

liferay digital_experience_platformMatch2023.q4.10

liferay liferay_portalRange7.4.0–7.4.3.112

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.111",
        "status": "affected",
        "version": "7.4.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13-u92",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.Q3.10",
        "status": "affected",
        "version": "2023.Q3.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2023.Q4.10",
        "status": "affected",
        "version": "2023.Q4.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62275

10 Nov 2025 16:20Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.3

CVSS 46.9

EPSS0.0006

SSVC

CWE-863