Primary

Context

Liferay Portal and DXP Denial-of-Service Vulnerability via Excessive File Upload

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Liferay Portal versions 7.4.3.0 through 7.4.3.132, as well as in Liferay DXP versions 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16, and Liferay DXP 7.4 GA through update 92. This vulnerability allows users to upload profile pictures exceeding the maximum size limit of 300KB, leading to potential performance degradation by slowing down the application.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, where the application becomes slower and less responsive due to the excessive amount of uploaded data.

Remediation

Users can upgrade to Liferay Portal's master branch or Liferay DXP versions 2025.Q2.0, 2025.Q1.9, or 2024.Q1.17 to address this vulnerability.

Added: Aug 12, 2025, 11:16 AM

Updated: Aug 12, 2025, 11:16 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Liferay Portal and DXP Denial-of-Service Vulnerability via Excessive File Upload

Vulnerability

Impact

Remediation

Affected Products

Liferay Portal

Liferay DXP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating