Loading
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.
Cite this page
CVE-2024-25144. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-25144
Use CWE-835, Liferay vendor hub and Digital Experience Platform product page to widen CVE-2024-25144 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62260, CVE-2025-62258 and CVE-2025-62275 for nearby disclosures in the same product family.