
Commit cd9adf0

1 parent 2f1e33f commit cd9adf0


2 files changed

+73
-36
lines changed

Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,73 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9676-rh83-cr86",
4+
"modified": "2025-10-13T13:34:22Z",
5+
"published": "2025-10-10T21:31:16Z",
6+
"aliases": [
7+
"CVE-2025-62245"
8+
],
9+
"summary": "Liferay Portal is vulnerable to CSRF through publication comments",
10+
"details": "Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "com.liferay:com.liferay.change.tracking.web"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.0.9"
29+
},
30+
{
31+
"fixed": "2.0.121"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "ADVISORY",
41+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62245"
42+
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/liferay/liferay-portal/commit/dd89fff675f04d146fda38a1bec884cf40d0c756"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/liferay/liferay-portal/commit/fa356d07ab239e790b7e460d33c25184aef58716"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/liferay/liferay-portal"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://liferay.atlassian.net/browse/LPE-17932"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [
66+
"CWE-352"
67+
],
68+
"severity": "MODERATE",
69+
"github_reviewed": true,
70+
"github_reviewed_at": "2025-10-13T13:34:22Z",
71+
"nvd_published_at": "2025-10-10T20:15:39Z"
72+
}
73+
}
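Review bot: The `affected` entry names only the Maven module `com.liferay:com.liferay.change.tracking.web` (introduced `2.0.9`, fixed `2.0.121`), while `details` states the exposure in Liferay Portal and DXP release versions, and nothing in the record shows how the two version lines correspond. Scanners that match on Maven coordinates will only flag builds that resolve this module directly, so installations tracked by Portal/DXP release still need to be checked against the ranges in `details`; it would help to confirm the module range against the two referenced commits. Separately, both liferay-portal commit references are typed `"type": "WEB"`; if they are the fixing commits (not stated on the page), `"type": "FIX"` would let tooling locate the patch.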

advisories/unreviewed/2025/10/GHSA-9676-rh83-cr86/GHSA-9676-rh83-cr86.json

Lines changed: 0 additions & 36 deletions
This file was deleted.
