CVE-2025-62241 – Liferay DXP Insecure Direct Object Reference (IDOR)

CVE ID : CVE-2025-62241

Published : Oct. 13, 2025, 8:15 p.m. | 24 minutes ago

Description : Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…