CVE-2025-62245

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-62245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62245.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62245
Aliases
Published
2025-10-10T20:15:39.373Z
Modified
2026-04-10T05:32:55.588602Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
548f3899675d89749f92b7623d25e27d0c4691c7
Fixed
99206814748a429237e8d56ece5f9c5a8221c4d3
Database specific 
{
    "versions": [
        {
            "introduced": "7.4.1"
        },
        {
            "fixed": "7.4.3.113"
        }
    ]
}

Affected versions

7.*
7.4.1-ga2
7.4.2-ga3
7.4.3.4-ga4
7.4.3.41-ga41
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
7.4.3.88-ga88

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62245.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "2023.Q3.1"
            },
            {
                "last_affected": "2023.Q3.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2023.q4.0"
            },
            {
                "fixed": "2023.q4.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    }
]