Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-62276
CVE-2025-62276:
Java vulnerability analysis and mitigation
Overview
CVE-2025-62276 affects the Document Library and Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions, as well as Liferay DXP versions 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92. The vulnerability was disclosed on October 31, 2025 (Liferay Dev).
Technical details
The vulnerability stems from an incorrect implementation of cache-control headers in the Document Library and Adaptive Media modules. The CVSS v4.0 score is 4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N), indicating a medium severity issue (Liferay Dev).
Impact
The vulnerability allows local users to gain unauthorized access to downloaded files through the browser's cache, potentially exposing sensitive information (Liferay Dev).
Mitigation and workarounds
The vulnerability has been fixed in Liferay Portal version 7.4.3.112 and Liferay DXP version 2024.Q1.1. Organizations using affected versions should upgrade to these patched versions to mitigate the risk (Liferay Dev).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management