CVE-2025-62242 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Liferay	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
liferay	digital_experience_platform	7.4
liferay	digital_experience_platform	2023.q3.1:q3.1
liferay	digital_experience_platform	2023.q3.2:q3.2
liferay	digital_experience_platform	2023.q3.3:q3.3
liferay	digital_experience_platform	2023.q3.4:q3.4
liferay	digital_experience_platform	2023.q3.5:q3.5
liferay	digital_experience_platform	2023.q3.6:q3.6
liferay	digital_experience_platform	2023.q3.7:q3.7
liferay	digital_experience_platform	2023.q3.8:q3.8
liferay	digital_experience_platform	2023.q3.9:q3.9
liferay	digital_experience_platform	2023.q3.10:q3.10
liferay	digital_experience_platform	2023.q4.1:q4.1
liferay	digital_experience_platform	2023.q4.2:q4.2
liferay	digital_experience_platform	2023.q4.3:q4.3
liferay	digital_experience_platform	2023.q4.4:q4.4
liferay	digital_experience_platform	2023.q4.5:q4.5
liferay	liferay_portal	7.4.1 ≤ 𝑥 < 7.4.3.112

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245