A high-severity vulnerability, CVE-2025-3602, has been identified in Liferay Portal versions 7.4.0 through 7.4.3.97 and in Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20. Because GraphQL queries are not subject to any depth limit, attackers can mount denial-of-service (DoS) attacks by executing overly complex GraphQL queries. To address this issue, users should upgrade Liferay Portal to version 7.4.3.98, or Liferay DXP to version 2023.Q3.3 or 7.3 U36. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3602.
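The kind of query depth check whose absence the advisory describes, as an added example for a filter placed in front of a GraphQL endpoint; it is not Liferay's code or its fix. The function names `depth_bound` and `allow` and the default limit of 10 are assumptions made for illustration.

```python
import re

# Strings and comments are matched first so that braces inside them are skipped.
_TOKEN = re.compile(r'"""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|[{}()]', re.S)


def depth_bound(query: str) -> int:
    """Upper bound on selection-set nesting for a GraphQL document.

    Fragment spreads are not resolved. Because valid fragments cannot form
    cycles, deepest operation + sum of all fragment depths is a safe bound.
    """
    depth = parens = peak = last_end = op_peak = frag_sum = 0
    is_fragment = False
    for m in _TOKEN.finditer(query):
        tok = m.group()
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens > 0 or tok not in ("{", "}"):
            continue  # input-object braces in arguments, strings, comments
        elif tok == "{":
            if depth == 0:  # a new top-level definition starts here
                header = _TOKEN.sub(" ", query[last_end:m.start()]).split()
                is_fragment = header[:1] == ["fragment"]
            depth += 1
            peak = max(peak, depth)
        else:
            depth -= 1
            if depth == 0:  # definition closed: record its depth
                if is_fragment:
                    frag_sum += peak
                else:
                    op_peak = max(op_peak, peak)
                peak, last_end = 0, m.end()
        if depth < 0 or parens < 0:
            raise ValueError("unbalanced query")
    if depth or parens:
        raise ValueError("unbalanced query")
    return op_peak + frag_sum


def allow(query: str, max_depth: int = 10) -> bool:
    """Filter-side check: reject malformed or too deeply nested documents."""
    try:
        return depth_bound(query) <= max_depth
    except ValueError:
        return False
```

The bound is deliberately conservative when fragments are present, so a legitimate query that uses many fragments may need a higher limit.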
Liferay: Denial-of-Service Vulnerability in GraphQL Query Handling
by the Hossted team
17.06.2025