Home > Vulnerability Database > CVE-2025-62261

Mend.io Vulnerability Database

CVE-2025-62261

Good to know:

Date: October 27, 2025

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.

Severity Score

4.9

Related Resources (6)

Url: https://liferay.atlassian.net/browse/LPE-17785

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62261

Url: https://github.com/liferay/liferay-portal

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62261

Url: https://github.com/liferay/liferay-portal/commit/b228c7878f2ed5ad8dbc1ff7ec9b5e6d53bb4b5c

Url: https://www.mend.io/vulnerability-database/CVE-2025-62261

Severity Score

4.9

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

Upgrade Version

Upgrade to version com.liferay.portal:com.liferay.portal.impl:92.0.2;com.liferay.portal:release.portal.bom:7.4.3.100

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62261

Good to know:

Date: October 27, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?