CVSS 3.1 Score 6.5 of 10 (medium)


Published Feb 7, 2024
CWE ID 400


CVE-2024-25143 is a vulnerability that affects Liferay Portal versions 7.2.0 through 7.3.6, as well as older unsupported versions, and Liferay DXP versions 7.3 before service pack 3 and 7.2 before fix pack 13, and older unsupported versions. This vulnerability allows remote authenticated users to cause a denial of service (memory consumption) by exploiting the Document and Media widget's lack of resource consumption limitation when generating a preview image using crafted PNG images. The base severity of this vulnerability is rated as MEDIUM, with a base score of 6.5 according to CVSS version 3.1. The privileges required for exploitation are low, and no user interaction is necessary. The attack vector is through the network, with the availability impact being high and no impact on integrity or confidentiality. It has been assigned CWE-400 which refers to uncontrolled resource consumption or resource exhaustion.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-25143 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions