Liferay Portal and Liferay DXP File Upload Vulnerability Leading to Potential Denial-of-Service

Vulnerability

A vulnerability exists in Liferay Portal versions 7.4.0 to 7.4.3.132 and in Liferay DXP across several 2024 and 2025 releases, as well as in Liferay DXP 7.4 GA through update 92. It allows users to upload an unlimited number of files via the object entries attachment fields. Because the uploaded files are stored in the document library, an attacker could use this to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition, causing potential disruption or degradation of service.

Remediation

Liferay Portal users can upgrade to the latest version. Liferay DXP users should upgrade to version 2024.Q1.16, 2025.Q1.5, or 2025.Q2.0.

Added: Aug 22, 2025, 1:17 AM
Updated: Aug 22, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.