Loading
Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing a request that returns a large number of objects.
Use CWE-400, Liferay vendor hub and Digital Experience Platform product page to widen CVE-2025-62260 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62258, CVE-2025-62275 and CVE-2025-62259 for nearby disclosures in the same product family.