Primary

Context

Liferay Portal and DXP Open Redirect Vulnerability

Vulnerability

Patched

An open redirect vulnerability has been identified in Liferay Portal versions 7.4.3.86 through 7.4.3.131, as well as in Liferay DXP versions 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 86 through update 92. This vulnerability allows attackers to redirect users to malicious sites by exploiting the '/c/portal/edit_info_item' parameter redirect.

Impact

Exploitation of this vulnerability could lead to users being redirected to malicious websites, potentially causing phishing or malware distribution.

Remediation

Users can upgrade to Liferay Portal 7.4.3.132 or Liferay DXP versions 2024.Q1.13, 2024.Q3.10, 2024.Q4.0, or 2025.Q1.0 to address this vulnerability.

Added: Aug 23, 2025, 4:17 AM

Updated: Aug 23, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Liferay Portal and DXP Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Liferay Portal

Liferay DXP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating