Liferay: Path Traversal Vulnerability in Xuggler Installation Mechanism
by the Hossted team
17.06.2025

A high-severity vulnerability, CVE-2025-3594, was detected in Liferay Portal versions 7.0.0 through 7.4.3.4, Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions. It allows remote attackers to add files to arbitrary locations on the server and to download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter, because the value is used as a path without being restricted to a bare file name. To address this issue, upgrade Liferay Portal to version 7.4.3.5-ga5 or Liferay DXP to 7.3 Update 35. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3594.
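As an added example (not code from the advisory, the Hossted team or Liferay), the following shows a strict server-side check for the jarName value beside detection logic that flags requests carrying a directory-traversal sequence in that parameter, run over constructed access-log lines. The parameter name is the one quoted above; the combined log format, the legitimate jar file name and the client addresses are assumptions.

```python
"""Added example, not from the advisory or Liferay: a bare-file-name
validator for the jarName parameter and a log scanner that flags misuse."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

PARAM = "_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName"
# Assumed shape of a legitimate value: a plain .jar file name, no directory part.
SAFE_JAR_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\.jar$")


def is_safe_jar_name(value: str) -> bool:
    """Accept only a bare .jar name. Decode twice so a double-encoded
    '%252e%252e' sequence cannot slip past the separator checks."""
    decoded = unquote(unquote(value))
    if any(bad in decoded for bad in ("/", "\\", "..", "\x00")):
        return False
    return SAFE_JAR_NAME.fullmatch(decoded) is not None


def suspicious_requests(log_lines):
    """Return (client, decoded jarName) for each combined-format access-log
    line whose jarName parameter is not a safe bare file name."""
    hits = []
    for line in log_lines:
        m = re.match(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ', line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get(PARAM, []):  # parse_qs already decoded once
            if not is_safe_jar_name(value):
                hits.append((client, unquote(unquote(value))))
    return hits


# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jun/2025:10:00:01 +0000] "GET /group/control_panel/manage?p_p_id=com_liferay_server_admin_web_portlet_ServerAdminPortlet&_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName=xuggle-xuggler-5.4.jar HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Jun/2025:10:00:02 +0000] "GET /group/control_panel/manage?p_p_id=com_liferay_server_admin_web_portlet_ServerAdminPortlet&_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName=..%2F..%2F..%2Ftmp%2Fevil.jar HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Jun/2025:10:00:03 +0000] "POST /group/control_panel/manage?_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName=%252e%252e%252fopt%252fx.jar HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for client, name in suspicious_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: jarName={name!r}")
```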