CVE-2025-4604

CVE Details

Basic Information

Title CVE-2025-4604
Type cve
Published 2025-08-04T22:08:53.926Z
Modified 2025-08-04T22:08:53.926Z

Product Information

Vendor Liferay
Product Portal
Version 7.4.0

CVSS Information

Base Score 6.9 (MEDIUM)
Vector String CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Affected Products

  • Liferay Portal 7.4.0
  • Liferay DXP 7.4.13-u80
  • Liferay DXP 2024.Q1.1
  • Liferay DXP 2024.Q2.0
  • Liferay DXP 2024.Q3.0
  • Liferay DXP 2024.Q4.0
  • Liferay DXP 2025.Q1.0

Additional Information

CWE List CWE-79
Source Liferay

Description

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15, and 7.4 update 80 through update 92; attackers can then run scripts in the Gogo shell.
