
CVE-2025-4655: CWE-918 Server-Side Request Forgery (SSRF) in Liferay Portal

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-4655, cwe-918
Published: Sat Aug 09 2025 (08/09/2025, 04:46:13 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

AI-Powered Analysis

Last updated: 08/09/2025, 05:17:50 UTC

Technical Analysis

CVE-2025-4655 is a Server-Side Request Forgery (SSRF) vulnerability in FreeMarker templates in Liferay Portal versions 7.4.0 through 7.4.3.132 and multiple Liferay DXP releases from 2024.Q1.1 through 2025.Q1.5. SSRF vulnerabilities let an attacker induce the server-side application to make HTTP requests to arbitrary domains or internal systems that the attacker cannot normally reach directly. In this case, template editors can craft URLs that bypass the access validation controls applied within FreeMarker templates. The bypass lets them make the server send requests to unintended locations, potentially exposing internal services or sensitive data. The vulnerability is classified under CWE-918, which covers SSRF issues.

The CVSS v4.0 base score is 5.1 (medium severity): the attack vector is network-based with low attack complexity, no user interaction is needed, and the impact on confidentiality, integrity, and availability is limited. The attacker must already hold template editing privileges (PR:H), which somewhat limits the exploitation scope. No known public exploits have been reported yet. The lack of patch links suggests that fixes may still be pending or not publicly disclosed at the time of this report.

Given the widespread use of Liferay Portal in enterprise environments for web content management and collaboration, this SSRF vulnerability could be leveraged to pivot attacks into internal networks or exfiltrate data if exploited by a malicious insider or a compromised template editor account.

Potential Impact

For European organizations using Liferay Portal or Liferay DXP, this SSRF vulnerability poses a moderate risk. Exploitation could allow attackers with template editing access to bypass network segmentation and access internal services that are otherwise protected, such as internal APIs, databases, or cloud metadata services. This could lead to unauthorized data disclosure, reconnaissance of internal infrastructure, or further lateral movement within the network. Given the critical role Liferay Portal plays in many enterprises for intranet and extranet portals, successful exploitation could disrupt business operations or expose sensitive corporate or personal data subject to GDPR regulations. The medium CVSS score reflects that while the vulnerability is not trivially exploitable by external attackers without credentials, the impact on confidentiality and integrity could be significant if exploited internally or by compromised users. European organizations with strict data protection requirements should be particularly cautious, as SSRF can be a stepping stone to more severe breaches involving personal or confidential data.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately review and restrict template editor privileges to only trusted personnel, minimizing the number of users who can edit FreeMarker templates.
2) Apply any available patches or updates from Liferay as soon as they are released to address CVE-2025-4655.
3) Implement network-level controls such as egress filtering and internal firewall rules to restrict the Liferay server's ability to make arbitrary outbound requests, especially to internal services or cloud metadata endpoints.
4) Conduct thorough code reviews and audits of FreeMarker templates to detect and remove any potentially malicious or unsafe URL constructions.
5) Monitor logs for unusual outbound requests originating from the Liferay server that could indicate exploitation attempts.
6) Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SSRF patterns in HTTP requests.
7) Educate administrators and developers about SSRF risks and secure template design practices to prevent future vulnerabilities.
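One way to implement the outbound-request monitoring in recommendation 5, using the same destination classes an egress filter (recommendation 3) would block. This is an added example, not code from Liferay or from the original analysis; the log layout, the source name `liferay-01` and the allowlisted hostnames are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts this Liferay node legitimately calls (placeholder names).
ALLOWED_HOSTS = {"updates.example.com", "idp.example.com"}

# Constructed sample of an egress proxy log: time, source, method, URL, status.
SAMPLE_LOG = """\
2025-08-09T05:01:10Z liferay-01 GET https://updates.example.com/feed 200
2025-08-09T05:01:12Z liferay-01 GET http://169.254.169.254/ 200
2025-08-09T05:01:15Z liferay-01 GET http://10.0.0.5:8080/status 200
2025-08-09T05:01:20Z liferay-01 GET http://[::ffff:127.0.0.1]:9200/ 200
2025-08-09T05:01:25Z liferay-01 GET https://cdn.unknown.example.net/x.js 200
2025-08-09T05:01:30Z web-02 GET http://10.0.0.5:8080/status 200
"""

def classify_destination(url):
    """Return 'allowed', 'internal' or 'unexpected' for an outbound URL."""
    try:
        host = urlsplit(url).hostname
    except ValueError:            # malformed authority, e.g. unbalanced brackets
        return "unexpected"
    if not host:
        return "unexpected"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:            # a DNS name, not an IP literal
        name = host.rstrip(".")
        return "allowed" if name in ALLOWED_HOSTS else "unexpected"
    # Unwrap IPv4-mapped IPv6 so ::ffff:127.0.0.1 is judged as 127.0.0.1.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified:
        return "internal"
    return "unexpected"           # IP literals are never on the name allowlist

def flag_outbound(log_text, source="liferay-01"):
    """Return (timestamp, url, verdict) for each non-allowed request from source."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] != source:
            continue
        verdict = classify_destination(fields[3])
        if verdict != "allowed":
            findings.append((fields[0], fields[3], verdict))
    return findings
```

The check works on the URL as logged; where the proxy also records the resolved address, classify that address as well, since an allowlisted name can still resolve to an internal IP.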


Technical Details

Data Version: 5.1
Assigner Short Name: Liferay
Date Reserved: 2025-05-13T15:16:26.339Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6896d67aad5a09ad00091384

Added to database: 8/9/2025, 5:02:50 AM

Last enriched: 8/9/2025, 5:17:50 AM

Last updated: 8/10/2025, 12:33:53 AM
