CVE-2025-3639

Name: Websites susceptible to CVE-2025-3639
Creator: WebTechSurvey

CVE-2025-3639

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.

We have discovered 494 live websites that are affected by CVE-2025-3639.

Run a Free Instant Scan

Affected Software


Product	Liferay
Category	Content Management System
Vulnerable Domains	494 live websites (100% of Liferay install base)
Vulnerable Versions	from 7.3 through 7.4.3.132
Vulnerable Versions Count	0 versions ( less than 0.1% of all versions)

Common Weakness Enumeration

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Available Reports

Website List

Details

Published - Aug 18, 2025
Updated - Aug 18, 2025

CVE References

CWE References

cwe.mitre.org

CWE

CWE-288

Website Distribution by Country

Number of websites using CVE-2025-3639

United States	50 websites

Spain	102 websites
Iran	52 websites
Italy	37 websites
Germany	30 websites
Namibia	30 websites
Mexico	30 websites
Netherlands	15 websites
France	15 websites
Saudi Arabia	12 websites

Website Distribution by TLD

Number of websites using CVE-2025-3639

.com	73 websites
.es	50 websites
.it	31 websites
.org	22 websites
.de	19 websites
.nl	16 websites
.net	10 websites
.ca	8 websites
.pl	8 websites
.fr	7 websites

Websites affected by CVE-2025-3639

Top websites that are affected by CVE-2025-3639. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
**********.it	Italy	,*
***.sk	Slovakia	,*
******.es	Spain	,*
******.*.ro	Romania	,*
***.com	United States	,*
*****.mx	Mexico	*,*
****************.org	France	*,*
..*.cn	China	*,*
*..ca	Canada	*,*
***.com	United States	*,*