## Critical Vulnerability Information

### Vulnerability Identifier

- **CVE ID**: CVE-2025-4581

### Vulnerability Description

- **Type**: Blind SSRF (Server-Side Request Forgery)
- **Location**: portal-settings-authentication-opensso-web
- **Cause**: Due to improper validation of user-supplied URLs, a blind SSRF vulnerability exists during the pre-authentication phase.
- **Impact**: Attackers can exploit this vulnerability to force the server to send arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

### Severity

- **CVSS Score**: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N)

### Affected Versions

- Liferay Portal 7.4.0 to 7.4.3.132
- Liferay DXP 2025.Q1.0 to 2025.Q1.4
- Liferay DXP 2024.Q4.0 to 2024.Q4.7
- Liferay DXP 2024.Q3.1 to 2024.Q3.13
- Liferay DXP 2024.Q2.0 to 2024.Q2.13
- Liferay DXP 2024.Q1.1 to 2024.Q1.15
- Liferay DXP 7.4 GA to update 92

### Fixed Versions

- Liferay Portal fixed in the master branch
- Liferay DXP 2025.Q2.0
- Liferay DXP 2025.Q1.5
- Liferay DXP 2024.Q1.16

### Acknowledgments

- **Reporters**: Shubham Shah (CTO @ Assetnote) and Adam Kues (Security Researcher @ Assetnote)
- **Disclosure Date**: April 4, 2025, 16:24:00 +0000
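The root cause above is the server fetching a user-supplied URL without validating it. The following added example (not Liferay's code, and not the patch for this CVE) shows the shape of validation that closes this class of bug: an allowlist of expected SSO hosts plus a check that the host resolves only to globally routable addresses. The host `sso.example.com`, the resolver hook and the sample addresses are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for the example: the only SSO endpoint host the
# server is expected to contact. Anything else is rejected outright.
ALLOWED_HOSTS = {"sso.example.com"}


def _resolve(host):
    """Default resolver: every A/AAAA address for host via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=_resolve):
    """Return (ok, reason); ok is True only when every check passes.

    Checks: scheme is http/https, no embedded credentials, host is on the
    allowlist, and every address the host resolves to is globally routable
    (rejects loopback, RFC 1918, link-local such as 169.254.169.254, etc.).
    Note: the address checked here must also be the one actually connected
    to, otherwise DNS rebinding can bypass the check (caller's responsibility).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addrs = resolve(host)
    except (socket.gaierror, OSError):
        return False, "unresolvable host"
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:
            return False, f"resolves to non-global address {addr}"
    return True, "ok"
```

An IP-literal host (including `169.254.169.254` or `[::1]`) never matches the allowlist, so it is rejected before resolution; the resolver check covers allowlisted names that point inward.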