CVE Daily

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3...

Low CVSS 2.0

Overview

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

CWE: CWE-918 Published: 2025-08-09T05:15:29.330
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 2.0 (LOW)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags