CVSS 3.1 Score 6.1 of 10 (medium)


Published Feb 20, 2024
CWE ID 601


CVE-2024-25609 is a vulnerability in Liferay Portal 7.2.0 through, older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, and 7.2 fix pack 15 through 18, along with older unsupported versions. It can be exploited by remote attackers to redirect users to arbitrary external URLs by using two forward slashes in parameters like 'redirect' and 'FORWARD_URL'. This vulnerability is a result of an incomplete fix in CVE-2022-28977. It has a base severity of MEDIUM with a base score of 6.1 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N vector string provided by, with low impacts on integrity and confidentiality but does not affect availability. Remediation involves updating to the latest versions of Liferay Portal and Liferay DXP to mitigate the risk associated with this vulnerability.

Note: The above summary is based on the given information but lacks specific details that could have been included from external sources for a more comprehensive analysis of the vulnerability and its potential danger to organizations using affected products.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25609 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options