CVE-2025-62262

MEDIUM

Liferay Digital Experience Platform - Log Information Exposure

Title source: rule
STIX 2.1

Description

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users to view user email address in the log files.

References (1)

Scores

CVSS v3 4.4
EPSS 0.0001
EPSS Percentile 3.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (8)
com.liferay/com.liferay.portal.security.ldap.impl 4.0.2 - 4.0.54Maven
liferay/digital_experience_platform 7.3 service_pack_3 (37 CPE variants)
liferay/digital_experience_platform 7.4
liferay/digital_experience_platform 2023.q3.1
liferay/digital_experience_platform 2023.q3.2
liferay/digital_experience_platform 2023.q3.3
liferay/digital_experience_platform 2023.q3.4
liferay/liferay_portal 7.0.0 - 7.4.3.98
Published Oct 27, 2025
Tracked Since Feb 18, 2026