Loading
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.
Use CWE-307, Liferay vendor hub and Digital Experience Platform product page to widen CVE-2025-62257 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62260, CVE-2025-62258 and CVE-2025-62275 for nearby disclosures in the same product family.