CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3594

Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3594

Products affected by CVE-2025-3594

Liferay » Digital Experience Platform » Version: 7.0

cpe:2.3:a:liferay:digital_experience_platform:7.0
Liferay » Digital Experience Platform » Version: 7.1

cpe:2.3:a:liferay:digital_experience_platform:7.1
Liferay » Digital Experience Platform » Version: 7.2

cpe:2.3:a:liferay:digital_experience_platform:7.2
Liferay » Digital Experience Platform » Version: 7.3

cpe:2.3:a:liferay:digital_experience_platform:7.3
Liferay » Digital Experience Platform » Version: 7.4

cpe:2.3:a:liferay:digital_experience_platform:7.4
Liferay » Liferay Portal » Version: 6.2

cpe:2.3:a:liferay:liferay_portal:6.2
Liferay » Liferay Portal » Version: 7.0.0

cpe:2.3:a:liferay:liferay_portal:7.0.0
Liferay » Liferay Portal » Version: 7.0.1

cpe:2.3:a:liferay:liferay_portal:7.0.1
Liferay » Liferay Portal » Version: 7.0.2

cpe:2.3:a:liferay:liferay_portal:7.0.2
Liferay » Liferay Portal » Version: 7.0.3

cpe:2.3:a:liferay:liferay_portal:7.0.3
Liferay » Liferay Portal » Version: 7.0.3_ga4

cpe:2.3:a:liferay:liferay_portal:7.0.3_ga4
Liferay » Liferay Portal » Version: 7.0.4

cpe:2.3:a:liferay:liferay_portal:7.0.4
Liferay » Liferay Portal » Version: 7.0.5

cpe:2.3:a:liferay:liferay_portal:7.0.5
Liferay » Liferay Portal » Version: 7.0.6

cpe:2.3:a:liferay:liferay_portal:7.0.6
Liferay » Liferay Portal » Version: 7.1

cpe:2.3:a:liferay:liferay_portal:7.1
Liferay » Liferay Portal » Version: 7.1.0

cpe:2.3:a:liferay:liferay_portal:7.1.0
Liferay » Liferay Portal » Version: 7.1.1

cpe:2.3:a:liferay:liferay_portal:7.1.1
Liferay » Liferay Portal » Version: 7.1.2

cpe:2.3:a:liferay:liferay_portal:7.1.2
Liferay » Liferay Portal » Version: 7.1.3

cpe:2.3:a:liferay:liferay_portal:7.1.3
Liferay » Liferay Portal » Version: 7.2

cpe:2.3:a:liferay:liferay_portal:7.2
Liferay » Liferay Portal » Version: 7.2.0

cpe:2.3:a:liferay:liferay_portal:7.2.0
Liferay » Liferay Portal » Version: 7.2.1

cpe:2.3:a:liferay:liferay_portal:7.2.1
Liferay » Liferay Portal » Version: 7.3

cpe:2.3:a:liferay:liferay_portal:7.3
Liferay » Liferay Portal » Version: 7.3.0

cpe:2.3:a:liferay:liferay_portal:7.3.0
Liferay » Liferay Portal » Version: 7.3.1

cpe:2.3:a:liferay:liferay_portal:7.3.1
Liferay » Liferay Portal » Version: 7.3.2

cpe:2.3:a:liferay:liferay_portal:7.3.2
Liferay » Liferay Portal » Version: 7.3.3

cpe:2.3:a:liferay:liferay_portal:7.3.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5
Liferay » Liferay Portal » Version: 7.3.6

cpe:2.3:a:liferay:liferay_portal:7.3.6
Liferay » Liferay Portal » Version: 7.3.7

cpe:2.3:a:liferay:liferay_portal:7.3.7
Liferay » Liferay Portal » Version: 7.4.0

cpe:2.3:a:liferay:liferay_portal:7.4.0
Liferay » Liferay Portal » Version: 7.4.1

cpe:2.3:a:liferay:liferay_portal:7.4.1
Liferay » Liferay Portal » Version: 7.4.2

cpe:2.3:a:liferay:liferay_portal:7.4.2
Liferay » Liferay Portal » Version: 7.4.3.4

cpe:2.3:a:liferay:liferay_portal:7.4.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-3594

Products

Pricing

Contact Us