CVE-2024-25149

Summary

CVE-2024-25149 is a vulnerability that affects Liferay Portal versions 7.2.0 through 7.4.1, as well as older unsupported versions, and Liferay DXP versions 7.3 before service pack 3 and 7.2 before fix pack 15, along with older unsupported versions. This vulnerability allows remote authenticated users to add users who are not members of the parent site to a child site, even when the "Limit membership to members of the parent site" option is enabled. As a result, the added user may gain unauthorized access and perform unauthorized actions within the child site. The base severity of this vulnerability is rated as MEDIUM with a base score of 5.4 according to the CVSS:3.1 scoring system. The exploitability score is 2.8, indicating a relatively low level of difficulty for attackers to exploit this vulnerability remotely over a network connection. The impact score is 2.5, suggesting that while the potential danger is relatively low in terms of integrity and confidentiality impacts, there may still be some level of risk for organizations using these affected Liferay products. Note: The information provided in this response was derived from analyzing the given text and does not represent actual data or findings from external sources or events.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.