GHSA-fhcw-px4q-pmvv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fhcw-px4q-pmvv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-fhcw-px4q-pmvv/GHSA-fhcw-px4q-pmvv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fhcw-px4q-pmvv
- Aliases
-
- CVE-2025-62241
- Published
- 2025-10-13T21:31:10Z
- Modified
- 2025-10-13T23:27:33.761915Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
- Details
-
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the comliferaycommerceorderwebinternalportletCommerceOrderPortlet_commerceOrderId parameter.
- Database specific
{ "github_reviewed_at": "2025-10-13T22:55:26Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2025-10-13T20:15:34Z", "cwe_ids": [ "CWE-639" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-62241
- https://github.com/liferay/liferay-portal/commit/53401963f02f593bbf555b4b321fdaeb59e03a53
- https://github.com/liferay/liferay-portal/commit/75c39ea518eb91b3b5cbb0576074ebbbfd805401
- https://liferay.atlassian.net/browse/LPE-17936
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62241
Affected packages
Maven / com.liferay.commerce:com.liferay.commerce.order.content.web
Package
- Name
- com.liferay.commerce:com.liferay.commerce.order.content.web
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.commerce/com.liferay.commerce.order.content.web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.114
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
1.0.46
1.0.47
1.0.48
1.0.49
1.0.50
1.0.51
1.0.52
1.0.53
1.0.54
1.0.55
1.0.56
1.0.57
1.0.58
1.0.59
1.0.60
1.0.61
1.0.62
1.0.63
1.0.64
1.0.65
1.0.66
1.0.67
1.0.68
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.30
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.47
4.0.48
4.0.49
4.0.50
4.0.51
4.0.52
4.0.53
4.0.54
4.0.55
4.0.56
4.0.57
4.0.58
4.0.59
4.0.60
4.0.61
4.0.62
4.0.63
4.0.64
4.0.65
4.0.66
4.0.67
4.0.68
4.0.69
4.0.70
4.0.71
4.0.72
4.0.73
4.0.74
4.0.75
4.0.76
4.0.77
4.0.78
4.0.79
4.0.80
4.0.81
4.0.82
4.0.83
4.0.84
4.0.85
4.0.86
4.0.87
4.0.88
4.0.89
4.0.90
4.0.91
4.0.92
4.0.93
4.0.94
4.0.95
4.0.96
4.0.97
4.0.98
4.0.99
4.0.100
4.0.101
4.0.102
4.0.103
4.0.104
4.0.105
4.0.106
4.0.107
4.0.108
4.0.109
4.0.110
4.0.111
4.0.112
4.0.113