CVE-2025-3639
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Liferay Portal Login Bypass Vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | com.liferay.portal:release.portal.bom | >=7.3.0-ga1,<=7.4.3.132-ga132 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-3639
- https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
- https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
- https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
- https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
- https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
- https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
- https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
- https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
- https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-18212
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.