CVE-2025-43799

Medium CVSS: 6.9

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.

Vendor

Liferay

Product

Digital Experience Platform

CWE

CWE-1393

Yayın Tarihi

2025-09-15 21:15:35

Güncelleme

2025-12-16 16:37:52

Source Identifier

security@liferay.com

KEV Date Added

Kategoriler

CWE-1393 Digital Experience Platform MEDIUM Liferay 2025

Referanslar

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43799

Benzer Kayıtlar

Medium

CVE-2025-62275

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.…

Medium

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported ver…

Medium

CVE-2025-62267

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.…

Medium

CVE-2025-62264

Reflected cross-site scripting (XSS) vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, an…

Medium

CVE-2025-62265

Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupp…

Medium

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 20…