CVE-2025-62255 Security Details

CVE ID

CVE-2025-62255

CWE

CWE-79

CVE Description

Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an attachment's filename.

Published

Oct 24, 2025

CVSS Score & Severity

6.1Medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.030%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

https://github.com/advisories/GHSA-gccf-r9xp-x8jxPROJECT