Home > Vulnerability Database > CVE-2025-62276

Mend.io Vulnerability Database

CVE-2025-62276

Good to know:

Date: October 31, 2025

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

Severity Score

4.4

Related Resources (7)

Url: https://github.com/liferay/liferay-portal/commit/36c080fc4522e46d69b5c3b4b9eb6aca5ff52699

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62276

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62276

Url: https://liferay.atlassian.net/browse/LPE-17701

Url: https://github.com/liferay/liferay-portal/commit/9781b594cffcd23583a1a0f93746fd20e3eb55bd

Url: https://www.mend.io/vulnerability-database/CVE-2025-62276

Severity Score

4.4

Weakness Type (CWE)

Use of Web Browser Cache Containing Sensitive Information

CWE-525

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.adaptive.media.web:5.0.52;com.liferay.portal:com.liferay.portal.impl:69.1.0;https://github.com/liferay/liferay-portal.git - 7.4.3.66-ga66

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62276

Good to know:

Date: October 31, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?