
# CVE-2025-3639 PoC – Liferay Portal/DXP Login Bypass

This repository contains a Proof of Concept (PoC) for CVE-2025-3639, a login bypass vulnerability in Liferay Portal (versions 7.3.0–7.4.3.132) and Liferay DXP (various versions from 2024.Q1 to 2025.Q1.6). The PoC demonstrates how an unauthenticated user with valid credentials can bypass multi-factor authentication (MFA) by modifying a POST request to a GET request, potentially gaining unauthorized access to user accounts.

Warning: This PoC is for educational purposes only. Unauthorized testing or exploitation of this vulnerability is illegal and unethical. Use only with explicit written permission from the system owner.

## Requirements

- Environment: Linux (e.g., Kali Linux, Ubuntu, or a virtualized setup).
- Dependencies:

  ```bash
  sudo apt-get update
  sudo apt-get install python3 python3-requests
  pip3 install requests
  ```

- Network: Access to a target Liferay Portal/DXP instance (must be in a test environment with explicit permission).
- Credentials: Valid user credentials for the target Liferay instance.

## Installation

Clone the repository:

```bash
git clone https://github.com/6lj/CVE-2025-3639-PoC.git
cd CVE-2025-3639-PoC
```

Ensure Python 3 and the requests library are installed:

```bash
pip3 install requests
```

## What It Does

The PoC exploits CVE-2025-3639 by modifying a login POST request to a GET request, bypassing MFA checks. It sends a crafted HTTP GET request with valid credentials to authenticate without completing…
Exploit for CVE-2025-3639
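For defenders, the POST-to-GET change described under "What It Does" can be hunted in web access logs. The following is an added example, not code from this repository: it flags GET requests whose query string carries a password-like parameter. The log format, the parameter-name suffixes, and every sample line (IPs, paths, parameter names) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request part of a Common/Combined Log Format line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: credential parameters have names ending in one of these suffixes.
CRED_SUFFIXES = ("password", "passwd", "pwd")

# Constructed sample lines (documentation IP ranges, hypothetical paths/params).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2025:10:01:02 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.7 - - [12/May/2025:10:03:44 +0000] "GET /login?p_login=alice&p_password=REDACTED HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/May/2025:10:04:10 +0000] "GET /web/guest/home?page=2 HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/May/2025:10:05:31 +0000] "GET /login?p_login=bob&P%5FPassword=REDACTED HTTP/1.1" 302 0',
]

def credential_params(target):
    """Return query parameter names in a request target that look like passwords."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so encoded parameter names still match.
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if name.lower().endswith(CRED_SUFFIXES)]

def suspicious_gets(lines):
    """Flag GET requests that carry a password-like parameter in the URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        names = credential_params(m["target"])
        if names:
            # Report parameter names only; values are never echoed.
            hits.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "path": urlsplit(m["target"]).path, "params": names})
    return hits

if __name__ == "__main__":
    for hit in suspicious_gets(SAMPLE_LOG):
        print(hit)
```

Any hit also means a password was written to the access log in clear text, so the affected account's credentials should be rotated regardless of whether the request succeeded.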

