CVE-2024-25145
📋 TL;DR
This stored XSS vulnerability in Liferay's Portal Search module allows authenticated attackers to inject malicious scripts into search results when highlighting is disabled. Successful exploitation enables session hijacking, credential theft, and content manipulation. Affected users include all authenticated users on vulnerable Liferay Portal and DXP installations.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
📦 What is this software?
Dxp by Liferay
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over administrative accounts, deploy backdoors, exfiltrate sensitive data, and completely compromise the Liferay instance and potentially connected systems.
Likely Case
Attackers would steal user session cookies, perform actions as authenticated users, deface content, redirect users to malicious sites, and potentially escalate privileges within the application.
If Mitigated
With proper input validation and output encoding, the attack would be prevented, though the vulnerability would still exist in the codebase.
🎯 Exploit Status
Requires authenticated user access; exploitation involves creating searchable content with malicious payloads
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.12+, Liferay DXP 7.4 update 8+, 7.3 update 4+, 7.2 fix pack 17+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145
Restart Required: Yes
Instructions:
1. Download the appropriate patch from the Liferay customer portal
2. Apply the patch following Liferay's patching procedures
3. Restart the Liferay instance
4. Verify the fix by testing search functionality with XSS payloads
🔧 Temporary Workarounds
Enable Search Highlighting
Enable highlighting in the Search Result app configuration to prevent exploitation
Input Validation Filter
Implement a web application firewall or input validation filter to sanitize search content
🧯 If You Can't Patch
- Enable search highlighting in all Search Result app configurations
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check if highlighting is disabled in Search Result app and test with XSS payloads in searchable content
Check Version:
Check Liferay version via Control Panel → Configuration → Server Administration → System Information
Verify Fix Applied:
After patching, attempt to inject XSS payloads in searchable content and verify they are properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual content creation patterns
- Multiple search requests with suspicious parameters
- Script tags in search content
Network Indicators:
- Unexpected outbound connections from Liferay server
- Suspicious JavaScript in search responses
SIEM Query:
source="liferay" AND (message="*<script>*" OR message="*javascript:*") AND (resource="SearchResult" OR resource="PortalSearch")
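The same detection logic as a standalone Python filter, added here as an example and not part of the advisory: it parses constructed key=value log lines (the log format is an assumption, not Liferay's real one) and flags search-related events whose message carries a script tag or a javascript: URL, matching the SIEM query above.

```python
import re
from typing import Iterable

# Constructed sample log lines in an assumed key="value" format.
SAMPLE_LOGS = [
    'source="liferay" resource="SearchResult" user="alice" message="query=annual report"',
    'source="liferay" resource="PortalSearch" user="bob" message="title=<script>alert(1)</script>"',
    'source="liferay" resource="Blogs" user="carol" message="body=<script>x()</script>"',
    'source="nginx" resource="SearchResult" user="-" message="GET /search?q=<script>"',
    'source="liferay" resource="SearchResult" user="dave" message="link=javascript:void(0)"',
    'source="liferay" resource="SearchResult" user="erin" message="query=JavaScript tutorial"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Mirrors the SIEM query's "*<script>*" / "*javascript:*" wildcards, case-insensitively;
# the colon in "javascript:" is required so plain mentions of the word do not match.
PAYLOAD_RE = re.compile(r"<script\b|javascript:", re.IGNORECASE)
SEARCH_RESOURCES = {"SearchResult", "PortalSearch"}


def parse_line(line: str) -> dict[str, str]:
    """Split one key="value" log line into a field dict."""
    return dict(FIELD_RE.findall(line))


def is_suspicious(fields: dict[str, str]) -> bool:
    """True when source is liferay, the resource is search-related, and the message carries a payload."""
    return (
        fields.get("source") == "liferay"
        and fields.get("resource") in SEARCH_RESOURCES
        and PAYLOAD_RE.search(fields.get("message", "")) is not None
    )


def find_hits(lines: Iterable[str]) -> list[dict[str, str]]:
    """Return the parsed fields of every line that matches the detection rule."""
    return [fields for fields in map(parse_line, lines) if is_suspicious(fields)]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print(f"ALERT user={hit['user']} resource={hit['resource']} message={hit['message']}")
```

On the constructed sample only the PortalSearch and SearchResult lines from the liferay source with an actual payload are flagged; the Blogs event, the nginx event and the harmless "JavaScript tutorial" query are not.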