CVE-2025-62258

  • Published: 1761606938
  • Last modified: 1761606938

CVE-2025-62258 — CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the `endpoint` parameter.

🧠 Explainer: What this vulnerability means

Summary: A CSRF flaw in the Headless API of Liferay Portal and Liferay DXP (CWE: unspecified) can be exploited by remote attackers via the `endpoint` parameter.

Impact: Potential impact includes remote code execution, data theft, or denial of service.

Mitigation: Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.