CVE-2025-62247
📋 TL;DR
This vulnerability allows authenticated users in Liferay Portal/DXP to access and select unauthorized Blueprints through Collection Providers across instances due to missing authorization checks. It affects Liferay Portal 7.4.0-7.4.3.132 and multiple Liferay DXP versions from 2024.Q1 through 2025.Q2. The issue enables information disclosure and potential unauthorized configuration changes.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive Blueprint configurations across instances, potentially leading to data exposure, unauthorized system modifications, or privilege escalation through crafted Blueprints.
Likely Case
Authenticated users can view and select Blueprints they shouldn't have access to, potentially gaining insights into other instances' configurations or making unauthorized selections.
If Mitigated
With proper access controls and instance isolation, impact is limited to information disclosure within authorized user scope.
🎯 Exploit Status
Requires authenticated access; exploitation involves navigating Collection Provider interfaces to access unauthorized Blueprints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.133+; Liferay DXP 2025.Q2.10+, 2025.Q1.17+, 2024.Q4.8+, 2024.Q3.14+, 2024.Q2.14+, 2024.Q1.20+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62247
Restart Required: No
Instructions:
1. Download the appropriate fix pack from the Liferay Customer Portal.
2. Apply the fix pack following Liferay's deployment procedures.
3. Verify that authorization checks are now enforced in the Collection Provider.
🔧 Temporary Workarounds
Restrict Collection Provider Access
Limit user permissions to Collection Provider functionality through role-based access controls.
Navigate to Control Panel > Users > Roles and define permissions for Collection Provider actions.
🧯 If You Can't Patch
- Implement strict access controls and audit Collection Provider usage regularly.
- Isolate instances and restrict cross-instance Blueprint sharing capabilities.
🔍 How to Verify
Check if Vulnerable:
Check the Liferay version via Control Panel > Server Administration > Properties, or read the build.{version} file under liferay.home. If the version falls in the affected range and the Collection Provider allows cross-instance Blueprint access without an authorization check, the system is vulnerable.
Check Version:
Check the build.{version} file in the liferay.home directory, or view the version via Control Panel > Server Administration.
Verify Fix Applied:
After patching, test that authenticated users cannot access or select Blueprints from instances they lack authorization for through Collection Provider.
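The version comparison above is easy to get wrong by hand because Liferay Portal (e.g. 7.4.3.132) and Liferay DXP quarterly releases (e.g. 2025.Q2.9) use different version schemes. The following is an added example, not code from Liferay or from this advisory, that encodes the affected and fixed versions listed on this page and tells you whether a given version string is in the affected range; it assumes the version string is exactly what build.{version} or Server Administration reports.

```python
import re

# Fixed versions taken from this advisory (first non-vulnerable build per line).
PORTAL_FIXED = (7, 4, 3, 133)   # Portal 7.4.0 .. 7.4.3.132 affected, 7.4.3.133+ fixed
DXP_FIXED = {                   # DXP quarterly lines: first fixed patch level per line
    "2025.Q2": 10, "2025.Q1": 17, "2024.Q4": 8,
    "2024.Q3": 14, "2024.Q2": 14, "2024.Q1": 20,
}

PORTAL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$")
DXP_RE = re.compile(r"^(\d{4}\.Q[1-4])\.(\d+)$")


def parse_portal(version):
    """Return a 4-tuple for a Portal version such as '7.4.3.132' ('7.4.0' -> (7, 4, 0, 0))."""
    m = PORTAL_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a Liferay Portal version: {version!r}")
    return tuple(int(x) if x else 0 for x in m.groups())


def is_vulnerable(version):
    """True if the Portal/DXP version is in the affected range for CVE-2025-62247.

    Assumed input formats: '7.4.3.132' (Portal) or '2025.Q2.9' (DXP quarterly release).
    """
    v = version.strip()
    m = DXP_RE.match(v)
    if m:
        line, patch = m.group(1), int(m.group(2))
        if line not in DXP_FIXED:
            return False  # lines outside 2024.Q1 .. 2025.Q2 are not listed as affected
        return patch < DXP_FIXED[line]
    # Portal: affected if 7.4.0 <= version < 7.4.3.133
    return (7, 4, 0, 0) <= parse_portal(v) < PORTAL_FIXED


if __name__ == "__main__":
    # Constructed sample values, not read from a real installation.
    for sample in ("7.4.3.132", "7.4.3.133", "2025.Q2.9", "2025.Q2.10", "2025.Q3.1"):
        print(sample, "VULNERABLE" if is_vulnerable(sample) else "not affected")
```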
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Collection Provider endpoints
- Cross-instance Blueprint access logs without proper authorization
Network Indicators:
- Unusual requests to /api/jsonws/collectionprovider endpoints from unauthorized users
SIEM Query:
source="liferay" AND (uri_path="/api/jsonws/collectionprovider" OR message="CollectionProvider") AND user NOT IN authorized_users