CVE-2025-62276

MEDIUM

Liferay Portal <7.4.3.111 - Info Disclosure

Title source: llm

Description

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

References (1)

Core 1

Core References

Vendor Advisory

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62276

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-525

Status published

Products (25)

com.liferay/com.liferay.adaptive.media.web 0 - 5.0.52Maven

com.liferay.portal/com.liferay.portal.impl 0 - 69.1.0Maven

liferay/digital_experience_platform 7.4

liferay/digital_experience_platform 2023.q3.1

liferay/digital_experience_platform 2023.q3.2

liferay/digital_experience_platform 2023.q3.3

liferay/digital_experience_platform 2023.q3.4

liferay/digital_experience_platform 2023.q3.5

liferay/digital_experience_platform 2023.q3.6

liferay/digital_experience_platform 2023.q3.7

... and 15 more

Published Nov 01, 2025

Tracked Since Feb 18, 2026