CVE-2024-25609

MEDIUM

Liferay Portal 7.2.0-7.4.3.12 & DXP - Open Redirect


Description

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix for CVE-2022-28977.


Scores

CVSS v3 6.1
EPSS 0.0026
EPSS Percentile 49.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (7)
com.liferay.portal/release.dxp.bom 7.2.10.fp15 (Maven)
com.liferay.portal/release.portal.bom 7.2.0 - 7.4.3.13-ga13 (Maven)
liferay/digital_experience_platform 7.2 (25 CPE variants)
liferay/digital_experience_platform 7.3 service_pack_3
liferay/digital_experience_platform 7.4 (9 CPE variants)
liferay/digital_experience_platform < 7.2
liferay/liferay_portal < 7.4.3.13
Published Feb 20, 2024
Tracked Since Feb 18, 2026