N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-62260

GHSA ID

GHSA-vgqx-447m-wvcj

EPSS Score

0.35668%

CWE

CWE-400

Published

10/28/2025

Updated

10/29/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62260

CVE-2025-62260: Liferay Portal Vulnerable to DoS via Crafted Headless API Request

Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing a request that returns a large number of objects.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-62260

GHSA ID

GHSA-vgqx-447m-wvcj

EPSS Score

0.35668%

CWE

CWE-400

Published

10/28/2025

Updated

10/29/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	>= 7.4.0-ga1, < 7.4.3.100	7.4.3.100

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Li**r*y Port*l *.*.* t*rou** *.*.*.**, *n* Li**r*y *XP ****.Q*.* t*rou** ****.Q*.*, *.* ** t*rou** up**t* **, *.* ** t*rou** up**t* **, *n* ol**r unsupport** v*rsions *o*s not limit t** num**r o* o*j**ts r*turn** *rom ****l*ss *PI r*qu*sts, w*i** *ll

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-62260: Liferay Portal Vulnerable to DoS via Crafted Headless API Request

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI