CVE-2022-42125: n/a in n/a
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
AI Analysis
Technical Summary
CVE-2022-42125 is a high-severity Zip Slip vulnerability affecting the FileUtil.unzip functionality in Liferay Portal versions 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34. The vulnerability allows an attacker to deploy a malicious plugin or module containing crafted ZIP archives that exploit directory traversal weaknesses during the unzip process. This enables the attacker to create or overwrite arbitrary files on the underlying filesystem of the server running Liferay. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), indicating that the unzip function does not properly sanitize or validate file paths extracted from ZIP entries. The CVSS v3.1 base score is 7.5, reflecting a high severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). This means an unauthenticated remote attacker can exploit this vulnerability without user interaction to overwrite files, potentially leading to integrity compromise of the system or application. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the ease of exploitation and the critical nature of file overwrite capabilities. The lack of vendor or product-specific patch links suggests that organizations must monitor Liferay advisories closely for updates or apply manual mitigations. The vulnerability affects a widely used enterprise portal and digital experience platform, which is often deployed in web-facing environments, increasing the attack surface.
Potential Impact
For European organizations using Liferay Portal or Liferay DXP in the affected versions, this vulnerability presents a serious risk to the integrity of their web infrastructure. Successful exploitation could allow attackers to overwrite critical configuration files, deploy backdoors, or modify application logic, leading to persistent compromise, data manipulation, or lateral movement within the network. Given Liferay's use in government, education, and enterprise sectors across Europe, exploitation could disrupt public services, compromise sensitive data, or damage organizational reputation. The lack of confidentiality impact reduces the risk of direct data leakage, but the integrity impact can facilitate further attacks or system instability. Additionally, since the vulnerability does not require authentication or user interaction, attackers can remotely exploit vulnerable systems at scale. This elevates the threat level for European entities that rely on Liferay for customer portals, intranets, or digital experience management, especially those with internet-exposed deployments.
Mitigation Recommendations
European organizations should immediately inventory their Liferay Portal and DXP deployments to identify affected versions (7.4.3.5 through 7.4.3.35 and 7.4 update 1 through update 34). Until official patches are released, organizations should implement strict input validation and sanitization on ZIP file uploads, restricting or validating file paths to prevent directory traversal. Deploying web application firewalls (WAFs) with custom rules to detect and block suspicious ZIP archive patterns can reduce exposure. Restricting deployment of plugins/modules to trusted sources and enforcing code signing or integrity checks can prevent malicious modules from being installed. Running Liferay with least privilege file system permissions limits the impact of file overwrites. Monitoring file integrity and unusual file system changes on servers hosting Liferay can provide early detection of exploitation attempts. Organizations should subscribe to Liferay security advisories and apply patches promptly once available. Network segmentation and limiting access to Liferay management interfaces further reduce risk.
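The "validating file paths to prevent directory traversal" mitigation above is the core of any Zip Slip fix. The following is an added example, not Liferay's FileUtil.unzip or any code from the advisory: a small Java extractor that resolves every entry name against the canonical destination directory and refuses any entry (relative `../` sequences or absolute names) that would land outside it, before a single byte is written. The sample archive built in `main` is constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/** Zip Slip-safe extraction (CWE-22 check before every write). Example code, not Liferay's. */
public final class SafeUnzip {

    private SafeUnzip() {}

    /**
     * Resolve an entry name against the destination root and reject anything that
     * escapes it. Path.startsWith compares whole name elements, so "/out" does not
     * falsely match "/outside". Absolute entry names are rejected too, because
     * resolve() discards the root for them and the result then fails startsWith.
     */
    static Path resolveEntry(Path root, String entryName) throws IOException {
        Path candidate = root.resolve(entryName).normalize();
        if (!candidate.startsWith(root)) {
            throw new IOException("ZIP entry escapes destination directory: " + entryName);
        }
        return candidate;
    }

    /** Extract the archive on {@code in} into {@code destDir}, refusing traversal entries. */
    public static void unzip(InputStream in, Path destDir) throws IOException {
        Files.createDirectories(destDir);
        // toRealPath() canonicalises symlinks in the destination itself so the
        // startsWith comparison is done against the real on-disk location.
        Path root = destDir.toRealPath();
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path target = resolveEntry(root, entry.getName()); // check first ...
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING); // ... write second
                }
                zis.closeEntry();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one benign entry followed by one traversal entry.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            zos.putNextEntry(new ZipEntry("module/config.properties"));
            zos.write("key=value\n".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
            zos.putNextEntry(new ZipEntry("../../escaped.txt"));
            zos.write("should never be written\n".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }

        Path dest = Files.createTempDirectory("safe-unzip-demo");
        try {
            unzip(new ByteArrayInputStream(bos.toByteArray()), dest);
            System.out.println("Archive extracted cleanly into " + dest);
        } catch (IOException e) {
            // The benign entry was written; extraction stops at the traversal entry.
            System.out.println("Extraction aborted: " + e.getMessage());
        }
        System.out.println("Escaped file exists outside dest? "
                + Files.exists(dest.getParent().getParent().resolve("escaped.txt")));
    }
}
```

The essential ordering is check, then write: the path test runs on the normalized candidate before any directory is created or any stream is copied, so a hostile entry cannot leave even an empty file behind. A deployment pipeline that accepts plugin archives from outside a trusted source would pair this with the code-signing or integrity checks the recommendations above describe.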
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-03T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee0d8
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 7/2/2025, 4:40:40 AM
Last updated: 7/31/2025, 4:16:13 PM