CVE-2025-3594 is a critical path traversal vulnerability identified in multiple versions of the Liferay Portal, specifically versions 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, as well as older unsupported versions. The vulnerability arises from improper limitation of a pathname to a restricted directory (CWE-22) during the downloading and installation process of the Xuggler component. Exploitation is possible via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter, which allows remote attackers to manipulate file paths. This manipulation enables attackers to add arbitrary files to any location on the server and to download and execute arbitrary files from the download server. The vulnerability does not require authentication (PR:N) but does require user interaction (UI:A), such as a user triggering the vulnerable functionality. The CVSS v4.0 base score is 8.6 (high severity), reflecting the network attack vector, low attack complexity, and the high impact on confidentiality, integrity, and availability. The vulnerability can lead to remote code execution, unauthorized file write, and potential full system compromise if exploited successfully. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that organizations must monitor for updates and apply mitigations proactively.

For European organizations, the impact of CVE-2025-3594 can be severe. Liferay Portal is widely used in enterprise content management, intranet portals, and customer-facing web applications across various sectors including government, finance, education, and healthcare. Exploitation could lead to unauthorized file uploads and execution of malicious code, resulting in data breaches, service disruptions, and potential lateral movement within networks. Confidential information could be exfiltrated or altered, undermining data integrity and compliance with regulations such as GDPR. The ability to write files arbitrarily and execute code remotely poses a significant risk to operational continuity and could facilitate ransomware deployment or espionage activities. The lack of authentication requirement lowers the barrier for attackers, increasing the likelihood of exploitation especially in environments where user interaction can be socially engineered or automated. The absence of known exploits in the wild currently provides a window for mitigation, but the high severity score demands urgent attention.

European organizations should immediately audit their Liferay Portal deployments to identify affected versions. Until official patches are released, organizations should implement strict network-level controls to restrict access to the Liferay Server Admin Portlet, especially limiting access to trusted internal IPs or VPNs. Web application firewalls (WAFs) should be configured to detect and block suspicious requests containing path traversal patterns or unusual `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter values. Monitoring and logging of all file download and upload activities related to the portal should be enhanced to detect anomalous behavior. User awareness training should emphasize the risk of social engineering that could trigger user interaction required for exploitation. Additionally, consider isolating Liferay Portal servers in segmented network zones with minimal privileges and disabling unnecessary features or components related to Xuggler if not in use. Once patches become available, prioritize their deployment and conduct thorough testing to ensure the vulnerability is remediated.