CVE-2025-3639
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Liferay Portal Login Bypass Vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | com.liferay.portal:release.portal.bom | >=7.3.0-ga1,<=7.4.3.132-ga132 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-3639
- https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
- https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
- https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
- https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
- https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
- https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
- https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
- https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
- https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-18212
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
Verify integrity in audit chain (admin only). AS-IS.