Home > Vulnerability Database > CVE-2025-62256

Mend.io Vulnerability Database

CVE-2025-62256

Good to know:

Date: October 23, 2025

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers to access the OpenAPI YAML file via a crafted URL.

Severity Score

5.3

Related Resources (8)

Url: https://github.com/liferay/liferay-portal/commit/1ec03c02f2e0ecfdf4101c1a7ade5353767e62e3

Url: https://liferay.atlassian.net/browse/LPE-17884

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62256

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/27b51dbae35bd6e4b415fb33ecf14b2144b5038f

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256

Url: https://github.com/liferay/liferay-portal/commit/bc6138ce1be22babbd90dc2190f4dbe91c039334

Url: https://www.mend.io/vulnerability-database/CVE-2025-62256

Severity Score

5.3

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.security.auth.verifier:6.0.26

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62256

Good to know:

Date: October 23, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?