CVE-2025-62266
📋 TL;DR
This CVE describes a DNS rebinding vulnerability in Liferay Portal and DXP that allows attackers to redirect users to malicious external URLs. Affected systems include Liferay Portal 7.4.0-7.4.3.119 and various Liferay DXP versions from 2023.Q3.1 through 2024.Q1.5.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect authenticated users to phishing sites, credential harvesting pages, or malware distribution sites, potentially leading to account compromise or malware infection.
Likely Case
Users are redirected to malicious websites that may steal session cookies, credentials, or deliver phishing content.
If Mitigated
With proper controls, the attack surface is reduced, but users could still be redirected to legitimate but unintended external sites.
🎯 Exploit Status
Requires DNS manipulation and user interaction. Attackers need to control DNS records and trick users into visiting malicious domains.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.120+, Liferay DXP 2024.Q1.6+, 2023.Q4.11+, 2023.Q3.11+, 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256
Restart Required: No
Instructions:
1. Update to patched versions: Liferay Portal 7.4.3.120 or higher, or Liferay DXP 2024.Q1.6/2023.Q4.11/2023.Q3.11/7.4 update 93 or higher.
2. Apply the patch through your Liferay update mechanism.
3. Verify the fix by checking the redirect URL security configuration.
🔧 Temporary Workarounds
Change redirect URL security from IP to domain
Modify the redirect URL security setting to use domain-based validation instead of IP-based validation:
1. Navigate to Control Panel > Configuration > System Settings > Security > Portal Security > Redirect URL Security
2. Change 'redirect.url.security.mode' from 'ip' to 'domain'
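To show why the workaround matters, here is an added illustration (not Liferay's code) of the two validation modes: an IP-based check whose verdict depends on whatever DNS answers at check time, beside a domain-based allowlist that never consults DNS. The allowlists, hostnames, addresses and the injected resolver are constructed so the example runs offline.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlists for the illustration (not real deployment values).
ALLOWED_DOMAINS = {"portal.example.com", "sso.example.com"}
ALLOWED_IPS = {ipaddress.ip_address("203.0.113.10")}

def _host_of(url):
    """Return the lower-cased hostname of an http(s) URL, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def is_safe_redirect_ip_mode(url, resolve):
    """IP-based validation: allow if every address the host resolves to is allowlisted.
    'resolve' maps hostname -> list of IP strings (injected so the example runs offline).
    The verdict rests on a DNS answer the zone owner controls and can change after the check,
    which is the weakness behind the 'ip' mode described above."""
    host = _host_of(url)
    if host is None:
        return False
    try:
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
    except ValueError:
        return False
    return bool(addrs) and addrs <= ALLOWED_IPS

def is_safe_redirect_domain_mode(url):
    """Domain-based validation: allow only allowlisted hosts or their subdomains.
    No DNS lookup is made, so a rebinding record cannot influence the result."""
    host = _host_of(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

# Constructed resolver: the untrusted name currently answers with an allowlisted IP.
FAKE_DNS = {
    "portal.example.com": ["203.0.113.10"],
    "untrusted.example.net": ["203.0.113.10"],  # rebinding: allowed IP now, elsewhere later
}

def fake_resolve(host):
    return FAKE_DNS.get(host, [])

if __name__ == "__main__":
    for u in ("https://portal.example.com/home", "https://untrusted.example.net/login"):
        print(u, "ip-mode:", is_safe_redirect_ip_mode(u, fake_resolve),
              "domain-mode:", is_safe_redirect_domain_mode(u))
```

Run as a script, the untrusted host passes the ip-mode check but fails the domain-mode check, which is the difference the workaround relies on.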
🧯 If You Can't Patch
- Implement the workaround to change redirect URL security from IP to domain validation
- Deploy network controls to monitor and block suspicious redirects to external domains
🔍 How to Verify
Check if Vulnerable:
Check if redirect.url.security.mode is set to 'ip' in System Settings > Security > Portal Security > Redirect URL Security
Check Version:
Check Liferay version in Control Panel > Server Administration > Properties or via System Information
Verify Fix Applied:
Verify redirect.url.security.mode is set to 'domain' and test redirect functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in access logs
- Requests to unexpected external domains following Liferay redirects
Network Indicators:
- DNS queries for suspicious domains from Liferay servers
- Outbound connections to unexpected IP addresses following redirects
SIEM Query:
source="liferay" AND (url="*redirect*" OR status=302 OR status=301) AND dest_domain NOT IN (allowed_domains)