Home > Vulnerability Database > CVE-2025-62253

Mend.io Vulnerability Database

CVE-2025-62253

Good to know:

Date: October 27, 2025

Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62253

Url: https://github.com/liferay/liferay-portal/commit/2835554ffe37ac4ba3b794e6d6c0bfd1dc8db301

Url: https://liferay.atlassian.net/browse/LPE-17838

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62253

Url: https://www.mend.io/vulnerability-database/CVE-2025-62253

Severity Score

5.3

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.layout.admin.web:5.0.157

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62253

Good to know:

Date: October 27, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?