CVE-2025-4655 Information

Description

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.5 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.15 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655