CVE-2025-4655 – Liferay Portal SSRF Template Bypass

August 9, 2025

CVE ID : CVE-2025-4655

Published : Aug. 9, 2025, 5:15 a.m. | 18 hours, 25 minutes ago

Description : SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8745 – Weee RICEPO App Android AndroidManifest.xml Component Export Vulnerability

Next Article CVE-2025-55013 – Assemblyline 4 Service Client Path Traversal Vulnerability

Highlights

CVE-2025-4287 – PyTorch CUDA NCCL Denial of Service Vulnerability

May 5, 2025

CVE ID : CVE-2025-4287

Published : May 5, 2025, 8:15 p.m. | 3 hours, 19 minutes ago

Description : A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4655 – Liferay Portal SSRF Template Bypass

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Community News: Latest PECL Releases (05.27.2025)

Community News: Latest PECL Releases (04.15.2025)

CVE-2025-46096 – Solon Directory Traversal XSS Vulnerability

CVE-2025-6474 – Code-projects Inventory Management System SQL Injection Vulnerability

CVE-2025-4287 – PyTorch CUDA NCCL Denial of Service Vulnerability

CVE-2025-36519 – WRC RCE via Unrestricted File Upload

How to Use Motion Templates to Level Up Social Media Ads

An Holistic Framework for Shared Design Leadership

CVE-2025-4655 – Liferay Portal SSRF Template Bypass

Related Posts