
CVE-2025-62251: Liferay has Incorrect Permission Assignment for Critical Resource

CVSS Score: N/A

Basic Information

EPSS Score: 0.09621%
Published: 10/14/2025
Updated: 10/15/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

Package Name: com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary
Ecosystem: maven
Vulnerable Versions: < 1.0.23
First Patched Version: 1.0.23

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability lies in an incorrect permission assignment, allowing unauthorized users to view content via the Menu Display Widget. The analysis of the provided patch (commit 12bec829da315c21fbc96492ffbdda4c7a2e59cb) reveals that the fix was to implement a missing hasPermission method in the AssetVocabularySiteNavigationMenuItemType class. The commit message, "Implements the permission checking for the asset vocabulary site navigation items," confirms that a permission check was previously absent. Before the patch, when the Menu Display Widget was rendered, the framework would call the hasPermission method on the menu item type. Since AssetVocabularySiteNavigationMenuItemType did not have its own implementation, a default, permissive version from a parent interface was used, leading to the vulnerability. A runtime profiler would show a call to hasPermission on an instance of AssetVocabularySiteNavigationMenuItemType during the menu rendering process. Therefore, this function is identified as the key indicator of the vulnerability being triggered.

Vulnerable functions

Function: com.liferay.site.navigation.menu.item.asset.vocabulary.internal.type.AssetVocabularySiteNavigationMenuItemType.hasPermission
File: modules/apps/site-navigation/site-navigation-menu-item-asset-vocabulary/src/main/java/com/liferay/site/navigation/menu/item/asset/vocabulary/internal/type/AssetVocabularySiteNavigationMenuItemType.java
The vulnerability is due to a missing permission check. The `AssetVocabularySiteNavigationMenuItemType` class did not implement the `hasPermission` method, causing the system to fall back to a default implementation in the `SiteNavigationMenuItemType` interface. This default implementation was likely permissive, always returning `true`, which allowed users without the necessary permissions to see menu items for asset vocabularies. The patch introduces a specific implementation of `hasPermission` that performs the correct security check, ensuring that only authorized users can view these menu items.
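To make the root cause and the fix concrete, the following is an added, simplified Java model constructed for this page; it is not Liferay's code. Only the interface name SiteNavigationMenuItemType and the method name hasPermission come from the advisory above. The PermissionChecker and MenuItem stand-ins, the VulnerableVocabularyType and PatchedVocabularyType classes, the visibleItems renderer helper and the "vocabularyId" type setting are all assumptions made for the illustration. The model shows the interface's permissive default being inherited when an implementation does not override hasPermission, and an override that resolves the vocabulary the item points at and requires VIEW on it, failing closed when the item's settings are missing or malformed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Constructed illustration for CVE-2025-62251, not Liferay's code. Every type and
// method below is a simplified stand-in, except the names SiteNavigationMenuItemType
// and hasPermission, which the advisory names.
public class MenuItemPermissionDemo {

    // Hypothetical stand-in for the caller's identity and the permissions granted to it.
    static final class PermissionChecker {
        private final String userId;
        private final Set<String> grants;  // entries of the form "VIEW:<vocabularyId>"

        PermissionChecker(String userId, Set<String> grants) {
            this.userId = userId;
            this.grants = grants;
        }

        boolean hasPermission(String action, long resourceId) {
            return grants.contains(action + ":" + resourceId);
        }

        String getUserId() {
            return userId;
        }
    }

    // Hypothetical menu item: an id plus the type settings naming the vocabulary it displays.
    static final class MenuItem {
        final long itemId;
        final Map<String, String> typeSettings;

        MenuItem(long itemId, Map<String, String> typeSettings) {
            this.itemId = itemId;
            this.typeSettings = typeSettings;
        }
    }

    // Simplified interface. The permissive default is the fallback the advisory describes:
    // any implementation that does not override hasPermission inherits "always visible".
    interface SiteNavigationMenuItemType {
        default boolean hasPermission(PermissionChecker checker, MenuItem item) {
            return true;
        }
    }

    // Vulnerable shape: no override, so the interface default decides visibility.
    static final class VulnerableVocabularyType implements SiteNavigationMenuItemType {
    }

    // Patched shape: resolve the vocabulary the item points at and require VIEW on it.
    static final class PatchedVocabularyType implements SiteNavigationMenuItemType {
        @Override
        public boolean hasPermission(PermissionChecker checker, MenuItem item) {
            String raw = item.typeSettings.get("vocabularyId");
            if (raw == null) {
                return false;  // fail closed when the item does not name a vocabulary
            }
            long vocabularyId;
            try {
                vocabularyId = Long.parseLong(raw);
            } catch (NumberFormatException e) {
                return false;  // malformed settings are not a reason to show the item
            }
            return checker.hasPermission("VIEW", vocabularyId);
        }
    }

    // Framework-side filter: the renderer asks the item type before showing each item.
    static List<MenuItem> visibleItems(SiteNavigationMenuItemType type,
                                       PermissionChecker checker, List<MenuItem> items) {
        List<MenuItem> visible = new ArrayList<>();
        for (MenuItem item : items) {
            if (type.hasPermission(checker, item)) {
                visible.add(item);
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed sample data: three menu items and a user allowed to view only vocabulary 42.
        List<MenuItem> items = List.of(
            new MenuItem(1, Map.of("vocabularyId", "42")),
            new MenuItem(2, Map.of("vocabularyId", "43")),
            new MenuItem(3, Map.of()));
        PermissionChecker guest = new PermissionChecker("guest", Set.of("VIEW:42"));

        List<MenuItem> before = visibleItems(new VulnerableVocabularyType(), guest, items);
        List<MenuItem> after = visibleItems(new PatchedVocabularyType(), guest, items);

        System.out.println("unpatched: " + before.size() + " of " + items.size() + " items shown");
        System.out.println("patched:   " + after.size() + " of " + items.size() + " items shown");
        for (MenuItem item : after) {
            System.out.println("  user " + guest.getUserId() + " may view item " + item.itemId);
        }
    }
}
```

Compile and run with `javac MenuItemPermissionDemo.java && java MenuItemPermissionDemo`. The design point for reviewers of similar plugin-style interfaces is that a permissive default method turns every forgotten override into an authorization bypass; a fail-closed default (or an abstract method that forces each implementation to decide) makes the omission a compile-time or immediately visible error instead of a silent information leak, and a unit test that enumerates all implementations of the interface and asserts each one overrides hasPermission catches regressions of this kind.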

WAF Protection Rules

WAF Rule

Liferay Portal *.*.* through *.*.*.***, and Liferay DXP ****.Q*.* through ****.Q*.*, ****.Q*.* through ****.Q*.*, *.* ** through update ** and *.* ** through update ** shows content to users who do not have permission to view it via the Menu Display W
