CVE-2025-4581 Information

Aug 10, 2025 cve

Description

Liferay Portal 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.4 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.15 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems potentially leading to internal network enumeration or further exploitation.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581

CNNVD-202508-819 (Published: 2025-08-09)

Share on:

CVE-2025-4581 Information

Description

Reference

Related CNNVD