CVSS 3.1 Score 5.4 of 10 (medium)


Published Feb 20, 2024
CWE ID 863


CVE-2024-25149 is a vulnerability that affects Liferay Portal versions 7.2.0 through 7.4.1, as well as older unsupported versions, and Liferay DXP versions 7.3 before service pack 3 and 7.2 before fix pack 15, along with older unsupported versions. This vulnerability allows remote authenticated users to add users who are not members of the parent site to a child site, even when the "Limit membership to members of the parent site" option is enabled. As a result, the added user may gain unauthorized access and perform unauthorized actions within the child site. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.4 according to the CVSS:3.1 scoring system. The exploitability score is 2.8, indicating a relatively low level of difficulty for attackers to exploit this vulnerability remotely over a network connection. The impact score is 2.5, suggesting that while the potential danger is relatively low in terms of integrity and confidentiality impacts, there may still be some level of risk for organizations using these affected Liferay products. Note: The information provided in this response was derived from analyzing the given text and does not represent actual data or findings from external sources or events.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25149 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options