Last Week In AppSec for 14. October 2025

This Checkmarx AppSec bulletin highlights two vulnerabilities: a Poppler use-after-free (CVE-2025-52885, CVSS 7.8) that could expose information or enable arbitrary code execution, and a Liferay Account Admin Web IDOR (CVE-2025-62242, CVSS 9.1) that allows attackers to access privileged user data; the report urges affected parties to apply patches, hunt for the libraries in applications and containers, and review access controls and third-party plugins.