CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

June 16, 2025

CVE ID : CVE-2025-3602

Published : June 16, 2025, 2:15 p.m. | 4 hours, 6 minutes ago

Description : Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6124 – Code-projects Restaurant Order System SQL Injection Vulnerability

Next Article CVE-2025-36632 – Tenable Agent Local Privilege Escalation (LPE)

Highlights

CVE-2025-3983 – AMTT Hotel Broadband Operation System NLog Down.php Remote Command Injection Vulnerability

April 27, 2025

CVE ID : CVE-2025-3983

Published : April 27, 2025, 8:15 p.m. | 2 hours, 49 minutes ago

Description : A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-46631 – Tenda RX2 Pro Telnet Access Control Vulnerability

CVE-2025-29827 – Azure Automation Unprivileged Elevation of Privilege

ChatGPT now has an agent mode

Visual Studio Code now supports Baseline

CVE-2025-3983 – AMTT Hotel Broadband Operation System NLog Down.php Remote Command Injection Vulnerability

N8n vs Make: Which Is Better for Workflow Automation?

CVE-2025-52841 – Laundry CSRF Account Takeover

CVE-2025-46738 – Apache SEL arbitrary code execution vulnerability

CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

Related Posts