CVE-2025-3526

🗓️ 16 Jun 2025 14:18:34Reported by LiferayType

CVE-2025-3526 allows attackers to exploit Liferay Portal leading to denial-of-service conditions.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-3526	16 Jun 202514:38	–	circl
CNNVD	Liferay Portal和Liferay DXP 资源管理错误漏洞	16 Jun 202500:00	–	cnnvd
CVE	CVE-2025-3526	16 Jun 202514:18	–	cve
EUVD	EUVD-2025-18403	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session	16 Jun 202515:32	–	github
NVD	CVE-2025-3526	16 Jun 202515:15	–	nvd
OSV	CVE-2025-3526	16 Jun 202515:15	–	osv
OSV	GHSA-MF3R-6M25-3867 Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session	16 Jun 202515:32	–	osv
Positive Technologies	PT-2025-25556	16 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-3526	18 Jun 202515:04	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.21",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "portal-173",
        "status": "affected",
        "version": "6.2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "de-102",
        "status": "affected",
        "version": "7.0.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "dxp-28",
        "status": "affected",
        "version": "7.1.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "dxp-20",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10-u25",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.4.13-u9",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3526

16 Jun 2025 14:18Current

CVSS 48.7

EPSS0.00362

CWE-400

cve-2025-3526 liferay portal vulnerability denial-of-service request parameters exploitation