logo

Database

Lack of data validation - Path Traversal In com.liferay.portal:release.portal.bom

Description

Liferay Portal Username Enumeration Vulnerability Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2025-437542. NVD-2025-437543. OSV-2025-437544. GCVE-2025-43754

References

1. https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b2. https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac3. https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a86958324. https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb5. https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f796. https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac37. https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f587998. https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a99. https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d310. https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e65211. https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa43112. https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e13. https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b414. https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e15. https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d716. https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada617. https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f2918. https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d19. https://liferay.atlassian.net/browse/LPE-1814920. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4375421. http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.