CVE-2025-4655 – Liferay Portal SSRF Template Bypass

August 9, 2025

CVE ID : CVE-2025-4655

Published : Aug. 9, 2025, 5:15 a.m. | 18 hours, 25 minutes ago

Description : SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8745 – Weee RICEPO App Android AndroidManifest.xml Component Export Vulnerability

Next Article CVE-2025-55013 – Assemblyline 4 Service Client Path Traversal Vulnerability

Highlights

CVE-2025-20186 – “Cisco Wireless LAN Controller Lobby Ambassador Command Injection Vulnerability”

May 7, 2025

CVE ID : CVE-2025-20186

Published : May 7, 2025, 6:15 p.m. | 1 hour, 29 minutes ago

Description : A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-4655 – Liferay Portal SSRF Template Bypass

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Xbox reminds us that Hollow Knight: Silksong is still coming to Xbox Game Pass

CVE-2025-5655 – PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE-2025-4189 – WordPress Audio Comments Plugin CSRF

“So many amazing Forgers have just given up” — Halo Infinite just lost its best Forge creators over lack of support

CVE-2025-20186 – “Cisco Wireless LAN Controller Lobby Ambassador Command Injection Vulnerability”

How to Build a Telehealth App Using Stream Video and Chat SDK in React

CVE-2025-41404 – Iroha Board Information Disclosure

How to Build a Custom MCP Server with TypeScript – A Handbook for Developers

CVE-2025-4655 – Liferay Portal SSRF Template Bypass

Related Posts