CVE-2025-62241
Published: Oct 13, 2025
Modified: Oct 14, 2025
PUBLISHED
Description
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users from one virtual instance to view the shipment addresses of a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
| Vendor | Product | Versions |
|---|---|---|
| Liferay | DXP | affected 2023.Q4.0 - <= 2023.Q4.5 |
Weaknesses (CWE)