CVE-2025-2565

MEDIUM Year: 2025
Weakness Type
CWE-201
View all →

Vulnerability Description

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.

Related Vulnerabilities

CVE-2024-50633

NONE
CVSS:0.0(None)

A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is ...

CWE-2012024

CVE-2020-26085

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27127

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27132

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27133

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020

CVE-2020-27134

CRITICAL
CVSS:9.9(Critical)

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi...

CWE-2012020