VulnerableCode Vulnerability Details - VCID-fbq4-rkgc-77br

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-fbq4-rkgc-77br

Essentials
Severities (2)
References (12)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-fbq4-rkgc-77br
Aliases	CVE-2024-25609 GHSA-3qq5-wcrx-4h8r
Summary	Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-601	URL Redirection to Untrusted Site ('Open Redirect')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00261	https://api.first.org/data/v1/epss?cve=CVE-2024-25609
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3qq5-wcrx-4h8r

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-25609
		https://github.com/liferay/liferay-portal
		https://github.com/liferay/liferay-portal/commit/3c5ee2054b44e4354cd2e53782914157ef2b5362
		https://github.com/liferay/liferay-portal/commit/5c9655c941b18d8948a0c38b2bc84f4a1f83543a
		https://github.com/liferay/liferay-portal/commit/66f3ae610c24f10a6950e75e0ca4c981935244ed
		https://github.com/liferay/liferay-portal/commit/702a1e35896681f04ec3c7c8075aa87d5e16a18d
		https://github.com/liferay/liferay-portal/commit/7aca15e7195a03243d5461fcf09cde0fa7de81f0
		https://github.com/liferay/liferay-portal/commit/dca931af71a3d9fbd896a25b92396df8458d2886
		https://github.com/liferay/liferay-portal/commit/f015ad20bd9ee1661ccff5fb48e03dd3a1ebf003
CVE-2024-25609		https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609
CVE-2024-25609		https://nvd.nist.gov/vuln/detail/CVE-2024-25609
GHSA-3qq5-wcrx-4h8r		https://github.com/advisories/GHSA-3qq5-wcrx-4h8r

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.49628
EPSS Score	0.00261
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:03:22.749665+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.portal.bom/CVE-2024-25609.yml	38.6.0