CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

June 16, 2025

CVE ID : CVE-2025-3602

Published : June 16, 2025, 2:15 p.m. | 4 hours, 6 minutes ago

Description : Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6124 – Code-projects Restaurant Order System SQL Injection Vulnerability

Next Article CVE-2025-36632 – Tenable Agent Local Privilege Escalation (LPE)

Highlights

CVE-2025-5972 – PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

June 10, 2025

CVE ID : CVE-2025-5972

Published : June 10, 2025, 7:15 p.m. | 2 hours, 33 minutes ago

Description : A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

CVE-2025-47445 – Eventin Path Traversal Vulnerability

Of course you can already play WWE 2K25 as Mr. Iguana

CVE-2025-3986 – Apache Apereo CAS Regular Expression Inefficient Complexity Remote Vulnerability

CVE-2025-5124 – Sony Security Camera Default Credentials Vulnerability

CVE-2025-5972 – PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

CVE-2025-34024 – Edimax EW-7438RPn Command Injection Vulnerability

Verifying Exception Reporting in Laravel with assertReported

Zimbra Collaboration Server GraphQL Vulnerability Exposes Sensitive User Data

CVE-2025-3602 – Liferay Portal Denial-of-Service GraphQL Query Depth Vulnerability

Related Posts