N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62276

GHSA ID

GHSA-6533-fhr2-f38h

EPSS Score

0.0189%

CWE

CWE-525

Published

11/1/2025

Updated

11/3/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62276

CVE-2025-62276: Liferay Portal and DXP use an incorrect cache-control header

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the browser's cache.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-62276

CVE-2025-62276:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62276

GHSA ID

GHSA-6533-fhr2-f38h

EPSS Score

0.0189%

CWE

CWE-525

Published

11/1/2025

Updated

11/3/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay:com.liferay.adaptive.media.web	maven	< 5.0.52	5.0.52
com.liferay.portal:com.liferay.portal.impl	maven	< 69.1.0	69.1.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is caused by an incorrect Cache-Control header being set on file downloads, which allows browsers to cache potentially sensitive files. An attacker with local access to a user's computer could then access these files from the browser's cache.

The analysis of the provided patches reveals two key locations where this vulnerability is addressed:

com.liferay.portal.webserver.WebServerServlet.service: This servlet is responsible for serving files from the Document Library. The patch modifies the service method to check if the request is for a download (via the download parameter). If it is, the Cache-Control header is set to no-cache, preventing the browser from caching the file. Otherwise, it defaults to private.
com.liferay.adaptive.media.web.internal.servlet.AMServlet.doGet: This servlet handles files for the Adaptive Media module. The patch applies the same logic to the doGet method, setting the Cache-Control header to no-cache for downloads to prevent caching.

Both of these functions are directly involved in processing file download requests and were responsible for setting the incorrect cache header. Therefore, they are the vulnerable functions that would appear in a runtime profile during the exploitation of this vulnerability.

Vulnerable functions

com.liferay.portal.webserver.WebServerServlet.service

portal-impl/src/com/liferay/portal/webserver/WebServerServlet.java

The 'service' method in 'WebServerServlet' was vulnerable because it set a 'Cache-Control' header to 'private' for all file downloads, allowing browsers to cache sensitive files. The patch introduces logic to check for a 'download' parameter and sets the 'Cache-Control' header to 'no-cache' to prevent caching.

com.liferay.adaptive.media.web.internal.servlet.AMServlet.doGet

modules/apps/adaptive-media/adaptive-media-web/src/main/java/com/liferay/adaptive/media/web/internal/servlet/AMServlet.java

The 'doGet' method in 'AMServlet' was vulnerable because it set a 'Cache-Control' header to 'private' for all file downloads from the adaptive media module, which allowed browsers to cache sensitive files. The patch introduces logic to check for a 'download' parameter and sets the 'Cache-Control' header to 'no-cache' to prevent caching.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-62276: Liferay Portal and DXP use an incorrect cache-control header

CVE-2025-62276:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2025-62276: Liferay Portal and DXP use an incorrect cache-control header

N/A

N/A

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI