
CVE-2025-62267: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal

Severity: Medium
Type: Vulnerability
Published: Fri Oct 31 2025 (10/31/2025, 18:12:50 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, or (3) Last Name text field.

AI-Powered Analysis

Last updated: 11/08/2025, 02:38:06 UTC

Technical Analysis

CVE-2025-62267 is a cross-site scripting (XSS) vulnerability classified under CWE-79, discovered in Liferay Portal versions 7.4.3.35 through 7.4.3.111 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 35 through update 92. The vulnerability exists in the web content template’s select structure page, where user input fields for First Name, Middle Name, and Last Name are not properly sanitized or neutralized before being rendered in web pages. This improper input handling allows remote attackers to inject arbitrary HTML or JavaScript code by submitting crafted payloads into these name fields. The vulnerability can be exploited remotely without requiring elevated privileges, but it does require the attacker to have authenticated access and some level of user interaction to trigger the malicious script execution. The CVSS v4.0 score is 4.6 (medium severity), reflecting network attack vector, low complexity, no privileges required, but user interaction needed, and limited impact on confidentiality and integrity. Exploitation could lead to session hijacking, theft of sensitive information, defacement of portal content, or redirection to malicious sites, undermining user trust and portal integrity. No public exploits are currently known, but the widespread use of Liferay Portal in enterprise and government sectors makes this a notable risk. The vulnerability highlights the importance of secure coding practices in web content rendering and input validation within portal platforms.

Potential Impact

For European organizations, the impact of CVE-2025-62267 can be significant, particularly for those relying on Liferay Portal for intranet, extranet, or customer-facing web applications. Successful exploitation could compromise user sessions, leading to unauthorized access to sensitive information or manipulation of portal content. This can result in data breaches, reputational damage, and potential regulatory non-compliance under GDPR if personal data is exposed. The integrity of internal communications and workflows may be disrupted, affecting business continuity. Although the vulnerability requires authenticated access and user interaction, insider threats or compromised credentials could facilitate exploitation. Sectors such as finance, healthcare, government, and critical infrastructure that use Liferay portals for sensitive operations are at higher risk. The medium severity rating suggests a moderate but non-negligible threat that should be addressed promptly to prevent escalation or chaining with other vulnerabilities.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Immediately audit and restrict access to Liferay Portal user profile editing functions to trusted users only.
2) Apply strict input validation and sanitization on all user-supplied data fields, especially name fields, using allowlists and context-aware output encoding to prevent script injection.
3) Monitor portal logs for unusual input patterns or repeated failed attempts to inject scripts.
4) Educate users and administrators about the risks of XSS and safe handling of user input.
5) Deploy web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting Liferay portals.
6) Plan and prioritize upgrading to patched versions of Liferay Portal and DXP once vendor fixes are released.
7) Implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts.
8) Conduct regular security assessments and penetration tests focusing on web content templates and user input handling.

These measures go beyond generic advice by focusing on access control, proactive detection, and layered defenses tailored to the Liferay environment.
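
The following is an added example, not code from this advisory or from Liferay, illustrating the allowlist check and context-aware output encoding named in the mitigations above, applied to the three affected name fields. The record layout, field names, and function names are assumptions, and the sample records are constructed.

```python
import html
import re

# Assumed field names for a constructed export of portal user records.
NAME_FIELDS = ("firstName", "middleName", "lastName")

# Allowlist: starts with a letter, then letters, space, period, apostrophe, hyphen.
NAME_ALLOWED = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .'\-])*")

# Constructed sample records (not real data).
SAMPLE_USERS = [
    {"userId": 101, "firstName": "Siobhán", "middleName": "", "lastName": "O'Brien"},
    {"userId": 102, "firstName": "<script>alert(1)</script>", "middleName": "", "lastName": "Doe"},
    {"userId": 103, "firstName": "Ann", "middleName": 'x" onfocus="y', "lastName": "Lee"},
]


def audit_names(users):
    """Return (userId, field, value) for every non-empty name field that fails the allowlist."""
    findings = []
    for user in users:
        for field in NAME_FIELDS:
            value = user.get(field) or ""
            if value and not NAME_ALLOWED.fullmatch(value):
                findings.append((user["userId"], field, value))
    return findings


def render_name_cell(user):
    """Render the full name into a table cell, encoded for HTML text and quoted attributes.

    Encoding is applied even to names that pass the allowlist: an apostrophe
    is valid in a name but still significant inside a single-quoted attribute.
    """
    full = " ".join(user[f] for f in NAME_FIELDS if user.get(f))
    safe = html.escape(full, quote=True)  # escapes & < > " '
    return f'<td title="{safe}">{safe}</td>'


if __name__ == "__main__":
    for finding in audit_names(SAMPLE_USERS):
        print("review:", finding)
    for user in SAMPLE_USERS:
        print(render_name_cell(user))
```

The audit is a way to find stored values that warrant review; the encoding at render time is what keeps a stored value from being interpreted as markup.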


Technical Details

Data Version: 5.2
Assigner Short Name: Liferay
Date Reserved: 2025-10-09T20:58:54.402Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6904fe6639657deb20180355

Added to database: 10/31/2025, 6:22:30 PM

Last enriched: 11/8/2025, 2:38:06 AM

Last updated: 12/15/2025, 12:04:38 AM
