In Liferay Portal versions 7.4.3.32 through 7.4.3.132, and Liferay DXP versions 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92, a low-severity vulnerability, CVE-2025-43753, was detected. This vulnerability allows an authenticated attacker to inject JavaScript into the embedded message field from the form container. To address this issue, users should upgrade Liferay Portal to the master branch and Liferay DXP to versions 2025.Q2.0, 2025.Q1.8 or 2024.Q1.17. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43753.
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92, a medium-severity vulnerability, CVE-2025-43757, was detected. This vulnerability allows an authenticated attacker to inject JavaScript code via the _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter. To address this issue, users should upgrade Liferay Portal to the master branch and Liferay DXP to versions 2025.Q2.3, 2025.Q1.15 or 2024.Q1.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43757.
In Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, and 10.9.x <= 10.9.3, a medium-severity vulnerability, CVE-2025-6465, was detected. This vulnerability allows a user with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs. To address this issue, users should upgrade Mattermost to versions 10.8.4, 10.5.9, 10.9.4 or 10.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6465.
In Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, and 9.11.x <= 9.11.17, a medium-severity vulnerability, CVE-2025-36530, was detected. This vulnerability allows a restricted admin user to install unauthorized custom plugins via path traversal in the import functionality. To address this issue, users should upgrade Mattermost to versions 10.9.2, 10.8.4, 10.5.9 or 9.11.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-36530.
In Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, and 10.9.x <= 10.9.3, a medium-severity vulnerability, CVE-2025-8402, was detected. This vulnerability allows a System Admin to crash the server via the bulk import feature. To address this issue, users should upgrade Mattermost to versions 10.8.4, 10.5.9, 10.9.4, 10.10.1 or 9.11.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8402.
In Mattermost versions 10.8.x through 10.8.3, 10.5.x through 10.5.8, 9.11.x through 9.11.17, and 10.9.x through 10.9.2, a medium-severity vulnerability, CVE-2025-8023, was detected. This vulnerability allows a System Admin to perform path traversal attacks by using malicious path components, which could lead to malicious file placement outside of intended directories. To address this issue, users should upgrade Mattermost to versions 10.8.4, 10.5.9, 9.11.18 or 10.9.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8023.
In Mattermost versions 10.5.x <= 10.5.8 and 9.11.x <= 9.11.17, a low-severity vulnerability, CVE-2025-53971, was detected. This vulnerability allows a Team Admin to demote a Team Member to a Guest via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint. To address this issue, users should upgrade Mattermost to versions 10.10.0, 10.5.9, 9.11.18 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53971.
In Mattermost versions 10.5.x <= 10.5.8, a low-severity vulnerability, CVE-2025-49810, was detected. This vulnerability allows a user to read a thread via AI posts. To address this issue, users should upgrade Mattermost to versions 10.10.0, 10.5.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49810.
In Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 and 10.9.x <= 10.9.2, a medium-severity vulnerability, CVE-2025-47870, was detected. This vulnerability allows a Team Admin with no member invite privileges to get the team's invite ID. To address this issue, users should upgrade Mattermost to versions 10.10.0, 10.8.4, 10.5.9, 9.11.18, 10.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47870.