CVE-2025-62255_CVE-2025-62255

2 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an attachment's filename.

Basic Information

ID CVE-2025-62255

Source Liferay

Published Oct 23, 2025 at 18:47

Modified Oct 23, 2025 at 18:59

Affected Product

Vendor Liferay

Product Portal

Version 7.4.0

Affected Versions Liferay Portal 7.4.0
Liferay DXP 7.3.10
Liferay DXP 7.4.13
Liferay DXP 2023.Q3.1

CWE Classification

CWE-79

References

liferay.dev /portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62255

{
    "lastseen": "",
    "description": "Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions  allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an attachment's filename.",
    "published": "2025-10-23T18:47:18.827Z",
    "modified": "2025-10-23T18:59:11.371Z",
    "type": "cve",
    "title": "CVE-2025-62255",
    "source": "Liferay",
    "references": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62255",
    "id": "CVE-2025-62255",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Liferay Portal 7.4.0\nLiferay DXP 7.3.10\nLiferay DXP 7.4.13\nLiferay DXP 2023.Q3.1",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal",
    "version": "7.4.0",
    "vendor": "Liferay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}