CVSS 3.1 Score 6.5 of 10 (medium)


Published Feb 7, 2024
CWE ID 400


CVE-2024-25143 is a vulnerability that affects Liferay Portal versions 7.2.0 through 7.3.6, as well as older unsupported versions, and Liferay DXP versions 7.3 before service pack 3 and 7.2 before fix pack 13, and older unsupported versions. This vulnerability allows remote authenticated users to cause a denial of service (memory consumption) by exploiting the Document and Media widget's lack of resource consumption limitation when generating a preview image using crafted PNG images. The base severity of this vulnerability is rated as MEDIUM, with a base score of 6.5 according to CVSS version 3.1. The privileges required for exploitation are low, and no user interaction is necessary. The attack vector is through the network, with the availability impact being high and no impact on integrity or confidentiality. It has been assigned CWE-400 which refers to uncontrolled resource consumption or resource exhaustion.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25143 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options