Home

Description

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

PUBLISHED Reserved 2025-10-09 | Published 2025-10-31 | Updated 2025-11-03 | Assigner Liferay




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-525: Use of Web Browser Cache Containing Sensitive Information

Product status

Default status
unaffected

7.4.0 (maven)
affected

Default status
unaffected

7.4.13 (maven)
affected

2023.Q3.1 (maven)
affected

2023.Q4.0 (maven)
affected

References

liferay.dev/...-/asset_publisher/jekt/content/CVE-2025-62276

cve.org (CVE-2025-62276)

nvd.nist.gov (CVE-2025-62276)

Download JSON