CNNVD-202506-1895 Information
CNNVD ID
CNNVD-202506-1895
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Liferay Portal和Liferay DXP都是美国Liferay公司的产品。Liferay Portal是一套基于J2EE的门户解决方案。该方案使用了EJB以及JMS等技术,并可作为Web发布和共享工作区、企业协作平台、社交网络等。Liferay DXP是一套数字化体验协作平台。 Liferay Portal和Liferay DXP存在路径遍历漏洞,该漏洞源于路径遍历问题,可能导致添加或执行任意文件。以下产品及版本受到影响:Liferay Portal 7.0.0至7.4.3.4版本和Liferay DXP 7.4 GA版本、7.3 GA至update 34版本及之前版本。
Description (English)
Liferay Portal and Liferay DXP are products of the United States company Liferay. Liferay Portal is a portal solution based on J2EE. The programme uses technologies such as EJB and JMS, and can be used as a Web-based workspace, corporate collaboration platform, social networking etc. Liferay DXP is a collaborative platform for digital experience. Liferay Portal and Liferay DXP had a loophole in their path, which stemmed from the problem of the path, which could lead to the addition or execution of any document. The following products and versions were affected: Liveray Portal 7.0.0 to 7.4.3.4 and Liveray DXP 7.4 GA, 7.3 GA to update 34 and earlier.
Hazard Level
Low
Vulnerability Type
路径遍历
Affected Vendor
Liferay
Published
2025-06-16
Last Modified
2026-02-24
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3594 https://access.redhat.com/security/cve/cve-2025-3594