CVE-2025-3526
- Source
- https://cve.org/CVERecord?id=CVE-2025-3526
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3526.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-3526
- Aliases
- Published
- 2025-06-16T15:15:24.097Z
- Modified
- 2026-04-10T05:25:37.377720Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
- References
Affected packages
Git / github.com/liferay/liferay-portal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liferay/liferay-portal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.3-update1" }, { "introduced": "0" }, { "last_affected": "7.3-update2" }, { "introduced": "0" }, { "last_affected": "7.3-update3" }, { "introduced": "0" }, { "last_affected": "7.3-update4" }, { "introduced": "0" }, { "last_affected": "7.3-update5" }, { "introduced": "0" }, { "last_affected": "7.3-update6" }, { "introduced": "0" }, { "last_affected": "7.3-update7" }, { "introduced": "0" }, { "last_affected": "7.4-update1" }, { "introduced": "0" }, { "last_affected": "7.4-update2" }, { "introduced": "7.0.0" }, { "last_affected": "7.4.3.21" } ] }
Affected versions
6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
7.*
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-m1
7.1.0-m2
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-m2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6
7.3.6-ga7
7.3.7-ga8
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.21-ga21
7.4.3.4-ga4
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1
Other
test-fix-pack-base-7310
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3526.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.2"
}
]
}
]