Liferay: Unauthorized Data Exposure Vulnerability in Liferay Portal and Liferay DXP

In Liferay Portal versions 7.4.0 through 7.4.3.126 and Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 a medium severity vulnerability CVE-2025-2565 was detected. This vulnerability allows unauthorized users to obtain entry data from forms. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129, Liferay DXP to versions 2024.Q4.0, 2024.Q3.1 or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2565.