
CVE-2025-4655: CWE-918 Server-Side Request Forgery (SSRF) in Liferay Portal

Severity: Medium
Tags: vulnerability, cve-2025-4655, cwe-918
Published: Sat Aug 09 2025 (08/09/2025, 04:46:13 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

AI-Powered Analysis

AI analysis last updated: 08/17/2025, 01:05:18 UTC

Technical Analysis

CVE-2025-4655 is a Server-Side Request Forgery (SSRF) vulnerability identified in the FreeMarker template engine integration within Liferay Portal versions 7.4.0 through 7.4.3.132 and multiple Liferay DXP quarterly releases spanning 2024 and 2025. SSRF vulnerabilities occur when an attacker can manipulate a server-side application to send crafted HTTP requests to unintended locations, potentially bypassing network access controls. In this case, template editors with privileges to modify FreeMarker templates can craft malicious URLs that bypass existing access validation mechanisms. This enables them to coerce the server into making unauthorized requests to internal or external systems. The vulnerability is classified under CWE-918, indicating improper restriction of outbound requests by a server. The CVSS v4.0 base score is 5.1 (medium severity), reflecting that the attack vector is network-based, requires high privileges (template editor role), and does not require user interaction. The vulnerability does not impact confidentiality, integrity, or availability directly but can be leveraged to access internal resources or services that are otherwise inaccessible, potentially leading to further exploitation or information disclosure. No public exploits are currently known, and no patches have been linked yet. The vulnerability affects a broad range of Liferay DXP quarterly releases and the 7.4 GA line, indicating a widespread exposure for organizations using these versions.

Potential Impact

For European organizations utilizing Liferay Portal or Liferay DXP, this SSRF vulnerability poses a moderate risk. Liferay is widely used in enterprise portals, intranet sites, and customer-facing web applications across various sectors including government, finance, education, and healthcare in Europe. Exploitation could allow malicious insiders or compromised template editors to pivot into internal networks, access sensitive internal services, or exfiltrate data by abusing the server's network privileges. This could lead to unauthorized access to internal APIs, cloud metadata services, or other protected resources. While the vulnerability requires high privileges (template editor role), organizations with insufficient role segregation or weak internal controls are at greater risk. The lack of known public exploits reduces immediate threat but does not eliminate the risk of targeted attacks. The impact is particularly significant for organizations hosting sensitive data or critical services behind Liferay portals, as SSRF can be a stepping stone for more severe attacks such as internal reconnaissance, lateral movement, or data leakage.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:
1) Immediately audit and restrict template editor privileges to only trusted personnel, enforcing strict role-based access controls and separation of duties.
2) Monitor and review all FreeMarker template changes for suspicious or unauthorized modifications, employing code review and change management processes.
3) Implement network-level egress filtering to restrict the server's ability to make arbitrary outbound requests, especially to internal or sensitive endpoints.
4) Apply any vendor-provided patches or updates as soon as they become available.
5) Use Web Application Firewalls (WAFs) with rules to detect and block SSRF patterns in HTTP requests.
6) Conduct internal penetration testing focusing on SSRF vectors within Liferay environments to identify and remediate potential exploitation paths.
7) Log and monitor outbound requests from Liferay servers for anomalies that could indicate SSRF exploitation attempts.
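Recommendations 3 and 7 above (egress filtering and outbound-request monitoring) are the two controls a defender can implement without waiting for a vendor fix. The following is an added example, not code from the advisory, from Liferay, or from the FreeMarker project: a destination policy check that an outbound proxy or application-level fetch hook could apply before the portal issues a server-side request, plus a scan over outbound-request log lines that flags entries violating that policy. The allowlisted hostnames, the log format and the log lines are all constructed for the example; the denied ranges are the standard loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address), CGNAT and IPv6 equivalents.

```python
"""Outbound-destination policy for SSRF egress filtering and log review.

Added example (not part of the advisory or of Liferay). Assumes the portal's
server-side fetches pass through a hook or proxy that can call
check_destination() before connecting, and that an operator-maintained
hostname allowlist exists. All sample values below are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Operator-maintained allowlist of hosts the portal legitimately fetches from
# (assumed values for the example).
ALLOWED_HOSTS = {"cdn.example.com", "api.partner.example"}

# Destination ranges a template-driven fetch must never reach: loopback,
# RFC 1918, link-local (covers the 169.254.169.254 metadata endpoint), CGNAT,
# the "this network" block, and the IPv6 counterparts.
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def _host_to_ip(host):
    """Return an ip_address if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def check_destination(url):
    """Return (allowed, reason) for a URL the server has been asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not permitted: {parts.scheme or '<none>'}"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        # user@host forms are a classic way to make a URL look like an
        # allowlisted host while connecting elsewhere; refuse them outright.
        return False, "userinfo present in URL"
    ip = _host_to_ip(host)
    if ip is not None:
        # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.5) so the IPv4 deny
        # rules apply to it as well.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        for net in DENIED_NETWORKS:
            if ip in net:
                return False, f"destination {ip} in denied range {net}"
        # Policy choice: legitimate integrations use names, so raw IP
        # literals are refused even when they are public addresses.
        return False, "raw IP literal is not allowlisted"
    # Anything that is not an IP literal (including decimal or octal
    # spellings that ipaddress rejects) must be an allowlisted name.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host} not in allowlist"
    return True, "ok"


# Constructed outbound-proxy log format: "... user=<id> dst=<url> ...".
LOG_LINE = re.compile(r"user=(?P<user>\S+)\s+dst=(?P<dst>\S+)")


def flag_outbound_log(lines):
    """Return [(user, dst, reason)] for log entries whose destination
    violates the policy; useful for reviewing past outbound traffic."""
    findings = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        allowed, reason = check_destination(m["dst"])
        if not allowed:
            findings.append((m["user"], m["dst"], reason))
    return findings


# Constructed sample log lines for the example.
SAMPLE_LOG = [
    "2025-08-10T10:15:02Z portal user=editor-7 dst=https://cdn.example.com/site.css status=200",
    "2025-08-10T10:15:09Z portal user=editor-7 dst=http://169.254.169.254/latest/meta-data/ status=200",
    "2025-08-10T10:15:41Z portal user=editor-3 dst=http://[::ffff:10.0.0.5]:8080/admin status=403",
]

if __name__ == "__main__":
    for user, dst, reason in flag_outbound_log(SAMPLE_LOG):
        print(f"FLAG user={user} dst={dst} ({reason})")
```

The check is deliberately name-based: everything that is not an allowlisted hostname is refused, so alternative spellings of an address that the `ipaddress` module does not parse fall through to the allowlist and are still denied. It does not perform DNS resolution, so it cannot by itself stop an allowlisted name that later resolves to an internal address; in a deployment the same deny-range test should also be applied to the resolved address at connect time (in the proxy or at the socket layer), which is where recommendation 3's network-level egress filtering belongs.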


Technical Details

Data Version: 5.1
Assigner Short Name: Liferay
Date Reserved: 2025-05-13T15:16:26.339Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6896d67aad5a09ad00091384

Added to database: 8/9/2025, 5:02:50 AM

Last enriched: 8/17/2025, 1:05:18 AM

Last updated: 9/15/2025, 8:34:00 PM

Views: 51
