CVE-2025-62241 | Liferay DXP up to 2023.Q4.5 Shipment Address authorization

A vulnerability described as problematic has been identified in Liferay DXP up to 2023.Q4.5. Affected by this vulnerability is an unknown functionality of the component Shipment Address Handler. Such manipulation of the argument _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId leads to authorization bypass.

This vulnerability is referenced as CVE-2025-62241. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More