Home > Vulnerability Database > CVE-2025-62262

Mend.io Vulnerability Database

CVE-2025-62262

Good to know:

Date: October 27, 2025

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users to view user email address in the log files.

Severity Score

4.4

Related Resources (6)

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62263

Url: https://github.com/liferay/liferay-portal/commit/fc14297acd87703ba1027d691fa27a6b96bbb57c

Url: https://liferay.atlassian.net/browse/LPE-17826

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62262

Url: https://www.mend.io/vulnerability-database/CVE-2025-62262

Severity Score

4.4

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.security.ldap.impl:4.0.54

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62262

Good to know:

Date: October 27, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?