Loading
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the `endpoint` parameter.
Use CWE-352, Liferay vendor hub and Digital Experience Platform product page to widen CVE-2025-62258 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62260, CVE-2025-62275 and CVE-2025-62259 for nearby disclosures in the same product family.