CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

June 16, 2025

CVE ID : CVE-2025-3526

Published : June 16, 2025, 3:15 p.m. | 3 hours, 6 minutes ago

Description : SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3594 – Liferay Portal Xuggler Path Traversal Remote File Inclusion

Next Article CVE-2025-48976 – Apache Commons FileUpload Denial of Service (DoS) Vulnerability

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

CVE-2025-4228 – Palo Alto Networks Cortex XDR Broker VM Privilege Escalation Vulnerability

CVE-2025-4070 – PHPGurukul Rail Pass Management System SQL Injection Vulnerability

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

GitHub Enterprise Server Vulnerabilities Allows Arbitrary Code Execution

Huayra is a Linux distribution based on Debian

Introducing Gemma 3

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited

Insurance firm Lemonade warns of breach of thousands of driving license numbers

CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

Related Posts