CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

June 16, 2025

CVE ID : CVE-2025-3526

Published : June 16, 2025, 3:15 p.m. | 3 hours, 6 minutes ago

Description : SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3594 – Liferay Portal Xuggler Path Traversal Remote File Inclusion

Next Article CVE-2025-48976 – Apache Commons FileUpload Denial of Service (DoS) Vulnerability

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Selenium Report Generation: A Detailed Analysis

Rilasciata Clonezilla Live 3.2.1-28: tutte le novità della distribuzione GNU/Linux per il backup e la clonazione dei dischi

CVE-2025-1975 – Ollama Server Array Index Access Denial of Service Vulnerability

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

STALKER 2’s latest free update restores major A-life AI features to NPCs — making them more like the original game at last

CVE-2025-42990 – SAPUI5 Cross-Site Scripting (XSS)

CVE-2025-4152 – PHPGurukul Online Birth Certificate System SQL Injection Vulnerability

Smoothwall Express – firewall solution with a hardened Linux operating system

CVE-2025-3526 – Liferay Portal SessionClicks HTTP Session Memory Consumption Denial-of-Service (DoS)

Related Posts