Skip to content

Commit 6eeed9c

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 4164cd3 commit 6eeed9c

File tree

1 file changed

+34
-5
lines changed

1 file changed

+34
-5
lines changed

advisories/unreviewed/2025/10/GHSA-6pgj-w687-9c8c/GHSA-6pgj-w687-9c8c.json renamed to advisories/github-reviewed/2025/10/GHSA-6pgj-w687-9c8c/GHSA-6pgj-w687-9c8c.json

Lines changed: 34 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,53 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6pgj-w687-9c8c",
4-
"modified": "2025-10-21T18:30:35Z",
4+
"modified": "2025-10-21T20:26:48Z",
55
"published": "2025-10-21T18:30:35Z",
66
"aliases": [
77
"CVE-2025-62250"
88
],
9+
"summary": "Liferay Portal fails to verify messages from the cluster network is trusted",
910
"details": "Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions that will treat it as trusted data via unauthenticated cluster messages.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V4",
13-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "com.liferay:com.liferay.portal.cluster.multiple"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "5.0.35"
32+
}
33+
]
34+
}
35+
]
1436
}
1537
],
16-
"affected": [],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
2041
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62250"
2142
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/liferay/liferay-portal"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://liferay.atlassian.net/browse/LPE-17901"
50+
},
2251
{
2352
"type": "WEB",
2453
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62250"
@@ -29,8 +58,8 @@
2958
"CWE-346"
3059
],
3160
"severity": "MODERATE",
32-
"github_reviewed": false,
33-
"github_reviewed_at": null,
61+
"github_reviewed": true,
62+
"github_reviewed_at": "2025-10-21T20:26:48Z",
3463
"nvd_published_at": "2025-10-21T16:15:38Z"
3564
}
3665
}

0 commit comments

Comments
 (0)