CVE-2025-62258 - CERT CVE

  1. CVE-2025-62258

ID CVE-2025-62258
Sažetak CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the `endpoint` parameter.
Reference
CVSS
Base: 6.5
Impact: 3.6
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Zadnje važnije ažuriranje 10-11-2025 - 21:39
Objavljeno 27-10-2025 - 23:15