CVE-2025-62276

Published Nov 1, 2025

Last updated 4 months ago

CVSS medium 4.6

Overview

Description: The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.
Source: security@liferay.com
NVD status: Analyzed
Products: digital_experience_platform, liferay_portal

Risk scores

CVSS 4.0

Type: Secondary
Base score: 4.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security@liferay.com: CWE-525

Hype score: Not currently trending

CVE-2025-62276 Liferay Portal and DXP Improper Cache-Control Vulnerability Enables Unauthorized File Access https://t.co/m0xCVnrbhC
@VulmonFeeds
1 Nov 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "8E19E344-92B4-4B46-BD89-25EC7191972C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "1EF6451A-2A5D-4222-A1C6-113AA4B8D4E6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "9D6CE430-3C95-4855-BA44-E2E136D1FEB2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "44FEB149-C792-493D-B055-568FFC96298A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "B050DD73-71B6-46CD-A35B-7ACB53BE6C6A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "62432289-E1DC-4013-85C7-6B77299A910F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "0912EEFE-DC56-43F6-AE0E-A4E2A033F3C5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "9398F679-5F47-4DF2-AA91-4A21126675C6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "8296B54A-976A-404C-AB77-0619E4297A69",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "F778EB15-2AB0-44C1-BD99-9F7F1851E167",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q3.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "625E6C10-D0C7-4C5D-99F8-601A7B942392",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "B5CE3202-2723-44A6-B63F-061138287FDA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A27A8480-7EE1-4265-9117-D6C234ACAC5F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "94425688-725E-41DC-B2D3-14F2A7163AD6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "623CA096-BDBB-4F59-B734-07FB405800CE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "30B27CBE-14BA-4EBB-8B74-91DD1228A1F5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "81EDBB1C-9EBB-4FAD-ADAC-B5A890BB3F50",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "658B4C0D-D8A2-40DF-87BE-A2E148082BB7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "9C3DD89D-A40C-4C31-B698-A23C4A6F243E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "C785189B-09C0-4395-A8C5-4C548836B08C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "C436962A-5DAC-4843-9EE9-3E18F1524BE0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023.q4.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "DFCAE569-D95A-4635-8E92-5142A7C70F51",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D6470C7-9D36-43F3-86CB-B79ED9EA53F4",
            "versionEndExcluding": "7.4.3.112",
            "versionStartIncluding": "7.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 4.0

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References