CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

CVSS

No CVSS.

References

Link	Resource
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581

Configurations

No configuration.

History

11 Aug 2025, 18:32

Type	Values Removed	Values Added
Summary		(es) Liferay Portal 7.4.0 a 7.4.3.132 y Liferay DXP 2025.Q1.0 a 2025.Q1.4, 2024.Q4.0 a 2024.Q4.7, 2024.Q3.1 a 2024.Q3.13, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.15, 7.4 GA a la actualización 92, permiten una vulnerabilidad SSRF ciega de preautenticación en portal-settings-authentication-opensso-web debido a la validación incorrecta de las URL proporcionadas por el usuario. Un atacante puede explotar este problema para forzar al servidor a realizar solicitudes HTTP arbitrarias a sistemas internos, lo que podría provocar la enumeración de la red interna o una mayor explotación.

09 Aug 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-09 05:15

Updated : 2025-08-11 18:32

NVD link : CVE-2025-4581

Mitre link : CVE-2025-4581

CVE.ORG link : CVE-2025-4581

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-4581", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@liferay.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-09T05:15:29.060", "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581", "source": "security@liferay.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@liferay.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation."}, {"lang": "es", "value": "Liferay Portal 7.4.0 a 7.4.3.132 y Liferay DXP 2025.Q1.0 a 2025.Q1.4, 2024.Q4.0 a 2024.Q4.7, 2024.Q3.1 a 2024.Q3.13, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.15, 7.4 GA a la actualizaci\u00f3n 92, permiten una vulnerabilidad SSRF ciega de preautenticaci\u00f3n en portal-settings-authentication-opensso-web debido a la validaci\u00f3n incorrecta de las URL proporcionadas por el usuario. Un atacante puede explotar este problema para forzar al servidor a realizar solicitudes HTTP arbitrarias a sistemas internos, lo que podr\u00eda provocar la enumeraci\u00f3n de la red interna o una mayor explotaci\u00f3n."}], "lastModified": "2025-08-11T18:32:48.867", "sourceIdentifier": "security@liferay.com"}