CVE-2025-4581

EUVD-2025-24041

09.08.2025, 05:15

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

SSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
liferay	digital_experience_platform	2024.q1.1 ≤ 𝑥 ≤ 2024.q1.15
liferay	digital_experience_platform	2024.q2.0 ≤ 𝑥 ≤ 2024.q2.13
liferay	digital_experience_platform	2024.q3.1 ≤ 𝑥 ≤ 2024.q3.13
liferay	digital_experience_platform	2024.q4.0 ≤ 𝑥 ≤ 2024.q4.7
liferay	digital_experience_platform	2025.q1.0 ≤ 𝑥 ≤ 2025.q1.4
liferay	digital_experience_platform	7.4
liferay	liferay_portal	7.4.0 ≤ 𝑥 ≤ 7.4.3.132

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581