Liferay Portal, Improper Input Validation, CVE-2025-XXXX (Moderate)

Listen to this Post

The vulnerability, CVE-2025-XXXX, stems from a flaw in the way Liferay Portal parses and validates domain names to determine their subdomain structure. The application incorrectly identifies the effective top-level domain (eTLD) for a given hostname. This flawed logic allows an attacker who controls a website sharing the same public suffix (e.g., .co.uk, .github.io) to be incorrectly recognized as belonging to the same parent domain. Consequently, the portal may set cookies with a broad `Domain` attribute, such as example.co.uk, instead of restricting it to a specific subdomain like site.example.co.uk. These overly permissive cookies, termed supercookies, are then transmitted by the user’s browser to any entity under that top-level domain, including attacker-controlled sites. This enables a remote attacker to harvest these sensitive session or authentication cookies, leading to a compromise of user sessions.
Platform: Liferay Portal/DXP
Version: 7.4.0-7.4.3.105
Vulnerability: Supercookie Creation
Severity: Moderate

date: 2025-09-15

Prediction: Patch by 2025-10-15

What Undercode Say:

curl -H "Host: attacker.example.co.uk" http://victim.example.co.uk/`
<h2 style="color: blue;">
document.cookie</h2>
<h2 style="color: blue;">
Set-Cookie: JSESSIONID=…; Domain=.example.co.uk;</h2>
<h2 style="color: blue;">How Exploit:</h2>
Attacker registers
evil.github.io. User accessescompany.github.io, which sets a supercookie forDomain=.github.io. Browser sends this cookie toevil.github.io, allowing attacker to steal it via JavaScript (document.cookie`).

Protection from this CVE:

Apply vendor patch.

Configure application firewall.

Sanitize cookie domains.

Impact:

Session Hijacking

Information Disclosure

Cross-Site Request Forgery

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top