Home

Description

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users to view user email address in the log files.

PUBLISHED Reserved 2025-10-09 | Published 2025-10-27 | Updated 2025-10-28 | Assigner Liferay




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

7.4.0 (maven)
affected

Default status
unaffected

7.3.10 (maven)
affected

7.4.13 (maven)
affected

2023.Q3.1 (maven)
affected

References

liferay.dev/...-/asset_publisher/jekt/content/CVE-2025-62263

cve.org (CVE-2025-62262)

nvd.nist.gov (CVE-2025-62262)

Download JSON