CVE-2025-62262 MEDIUM

CVE-2025-62262

Vendor Liferay
Product Portal
Weakness CWE-532 · Sensitive info in logs
Published October 27, 2025
Last update October 28, 2025

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users to view user email address in the log files.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
October 28, 2025 Record updated