CVSS 3.1 Score 6.1 of 10 (medium)


Published Feb 20, 2024
CWE ID 601


CVE-2024-25609 is an open redirect vulnerability (CWE-601) in Liferay Portal 7.2.0 through, older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, and 7.2 fix pack 15 through 18, along with older unsupported versions. Remote attackers can redirect users to arbitrary external URLs by using two forward slashes in parameters such as 'redirect' and 'FORWARD_URL'. The vulnerability results from an incomplete fix for CVE-2022-28977. Its base severity is MEDIUM, with a base score of 6.1 under the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N provided by [email protected]: low impact on confidentiality and integrity, and no impact on availability. Remediation is to update to the latest versions of Liferay Portal and Liferay DXP.
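The two-slash case described above works because a value beginning with `//` is a scheme-relative URL, so a check that only asks "does it start with `/`?" treats it as a local path. The following is an added example, not Liferay's code or its patch: it contrasts that kind of check with an origin-based one, and the origin `portal.example`, the function names and the sample values are all assumptions made for illustration.

```javascript
// Added example; hypothetical names, not Liferay code.
const PORTAL_ORIGIN = "https://portal.example"; // constructed placeholder origin

// Incomplete check: "starts with / means local". Accepts "//host/...".
function naiveIsLocal(target) {
  return typeof target === "string" && target.startsWith("/");
}

// Hardened check: accept only path-absolute references that still resolve
// to the portal's own origin when parsed the way a browser parses them.
function isSafeRedirect(target, origin = PORTAL_ORIGIN) {
  if (typeof target !== "string" || target.length === 0) return false;
  // Control characters and backslashes are rejected outright: URL parsers
  // treat "\" as "/" for http(s), so "/\host" behaves like "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return false;
  // Exactly one leading slash; two slashes make it scheme-relative.
  if (!target.startsWith("/") || target.startsWith("//")) return false;
  let resolved;
  try {
    resolved = new URL(target, origin);
  } catch {
    return false;
  }
  return resolved.origin === new URL(origin).origin;
}

// Fall back to a fixed local page instead of echoing an untrusted value.
function safeRedirectTarget(target, fallback = "/") {
  return isSafeRedirect(target) ? target : fallback;
}

// Constructed sample values for a 'redirect' or 'FORWARD_URL' parameter.
const samples = [
  "/web/guest/home",
  "//external.example/login",
  "https://external.example/",
  "/\\external.example",
];

function classify(values) {
  return values.map((v) => ({ value: v, naive: naiveIsLocal(v), hardened: isSafeRedirect(v) }));
}

console.table(classify(samples));
```

Rows where `naive` is true and `hardened` is false are the inputs an incomplete fix lets through; logging rejected values on the server gives a simple detection signal for probing of these parameters.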
