com.liferay.portal:com.liferay.portal.kernel (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.liferay.portal:com.liferay.portal.kernel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2024-25607 — CVSS 8.1 (high): The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and…
CVE-2025-3526 — CVSS 7.5 (high): SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older…
CVE-2025-43793 — CVSS 7.5 (high): Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA…
CVE-2025-43770 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through…
CVE-2025-43792 — CVSS 5.3 (medium): Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through…