CVE-2024-25604
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-25604 affects Liferay Portal 7.2.0 through 7.4.3.4 and older unsupported versions, as well as Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions. The issue stems from insufficient user permission checks: a remote, authenticated user who holds the VIEW user permission can edit their own permissions through the User and Organizations section of the Control Panel. This can lead to privilege escalation on affected portals.