CVE-2024-25609

Summary

CVE-2024-25609 is a vulnerability in Liferay Portal 7.2.0 through 7.4.3.12, older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, and 7.2 fix pack 15 through 18, along with older unsupported versions. It can be exploited by remote attackers to redirect users to arbitrary external URLs by using two forward slashes in parameters like 'redirect' and 'FORWARD_URL'. This vulnerability is a result of an incomplete fix in CVE-2022-28977. It has a base severity of MEDIUM with a base score of 6.1 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N vector string provided by [email protected], with low impacts on integrity and confidentiality but does not affect availability. Remediation involves updating to the latest versions of Liferay Portal and Liferay DXP to mitigate the risk associated with this vulnerability. Note: The above summary is based on the given information but lacks specific details that could have been included from external sources for a more comprehensive analysis of the vulnerability and its potential danger to organizations using affected products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.