Home > Vulnerability Database > CVE-2025-62244

Mend.io Vulnerability Database

CVE-2025-62244

Good to know:

Date: October 13, 2025

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edit page of a publication via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_ctCollectionId parameter.

Severity Score

3.5

Related Resources (6)

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62244

Url: https://github.com/liferay/liferay-portal/commit/0a7a4233881d6fa29fba12695b916d885d76349f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62244

Url: https://github.com/liferay/liferay-portal/commit/31cf99363bf615f4a3383ffcc78d800de3fa2465

Url: https://www.mend.io/vulnerability-database/CVE-2025-62244

Severity Score

3.5

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.change.tracking.web:2.0.122

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62244

Good to know:

Date: October 13, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?