Liferay: Denial-of-Service Vulnerability in SessionClicks Handling

In Liferay Portal versions 7.0.0 through 7.4.3.21, Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25 and older unsupported versions a high severity vulnerability CVE-2025-3526 was detected. This vulnerability allows remote attackers to consume system memory by saving crafted request parameters in the HTTP session, leading to denial-of-service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.22, Liferay DXP to versions 7.4 Update 10 or 7.3 Update 26. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3526.