CVE-2025-62261

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a users password and take over the users account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
LiferayCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
liferaydigital_experience_platform
7.3
liferaydigital_experience_platform
7.3:fix_pack_1
liferaydigital_experience_platform
7.3:fix_pack_2
liferaydigital_experience_platform
7.3:service_pack_1
liferaydigital_experience_platform
7.3:service_pack_2
liferaydigital_experience_platform
7.3:service_pack_3
liferaydigital_experience_platform
7.3:update1
liferaydigital_experience_platform
7.3:update10
liferaydigital_experience_platform
7.3:update11
liferaydigital_experience_platform
7.3:update12
liferaydigital_experience_platform
7.3:update13
liferaydigital_experience_platform
7.3:update14
liferaydigital_experience_platform
7.3:update15
liferaydigital_experience_platform
7.3:update16
liferaydigital_experience_platform
7.3:update17
liferaydigital_experience_platform
7.3:update18
liferaydigital_experience_platform
7.3:update19
liferaydigital_experience_platform
7.3:update2
liferaydigital_experience_platform
7.3:update20
liferaydigital_experience_platform
7.3:update21
liferaydigital_experience_platform
7.3:update22
liferaydigital_experience_platform
7.3:update23
liferaydigital_experience_platform
7.3:update24
liferaydigital_experience_platform
7.3:update25
liferaydigital_experience_platform
7.3:update26
liferaydigital_experience_platform
7.3:update27
liferaydigital_experience_platform
7.3:update28
liferaydigital_experience_platform
7.3:update29
liferaydigital_experience_platform
7.3:update3
liferaydigital_experience_platform
7.3:update30
liferaydigital_experience_platform
7.3:update31
liferaydigital_experience_platform
7.3:update32
liferaydigital_experience_platform
7.3:update33
liferaydigital_experience_platform
7.3:update34
liferaydigital_experience_platform
7.3:update4
liferaydigital_experience_platform
7.3:update5
liferaydigital_experience_platform
7.3:update6
liferaydigital_experience_platform
7.3:update7
liferaydigital_experience_platform
7.3:update8
liferaydigital_experience_platform
7.3:update9
liferaydigital_experience_platform
7.4
liferaydigital_experience_platform
2023.q3.1:q3.1
liferaydigital_experience_platform
2023.q3.2:q3.2
liferaydigital_experience_platform
2023.q3.3:q3.3
liferaydigital_experience_platform
2023.q3.4:q3.4
liferayliferay_portal
7.0.0 ≤
𝑥
< 7.4.3.100
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62261