Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@2.112.0
Type maven
Namespace com.liferay.portal
Name com.liferay.portal.kernel
Version 2.112.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 155.0.0
Latest_non_vulnerable_version 155.0.0
Affected_by_vulnerabilities
0
url VCID-38vz-usgx-g7dv
vulnerability_id VCID-38vz-usgx-g7dv
summary
Liferay Portal defaults to a low work factor for the default password hashing algorithm
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27364
published_at 2026-06-06T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27414
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25607
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
reference_id CVE-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-20T13:27:04Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
reference_id CVE-2024-25607
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25607
4
reference_url https://github.com/advisories/GHSA-43h9-p3j4-39hm
reference_id GHSA-43h9-p3j4-39hm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43h9-p3j4-39hm
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c659-puqg-xqba
1
vulnerability VCID-nac9-yhv8-73bh
2
vulnerability VCID-ykh6-phhq-rbcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
aliases CVE-2024-25607, GHSA-43h9-p3j4-39hm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38vz-usgx-g7dv
1
url VCID-c659-puqg-xqba
vulnerability_id VCID-c659-puqg-xqba
summary
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the referer or FORWARD_URL using %00 in those parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43770
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14748
published_at 2026-06-05T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14755
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43770
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/a712758b9c4b6f4c54df5dec7d334279bb30f75a
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/a712758b9c4b6f4c54df5dec7d334279bb30f75a
3
reference_url https://github.com/liferay/liferay-portal/commit/bf20bc07e3e3421d39eaacff052418ce26d791f2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/bf20bc07e3e3421d39eaacff052418ce26d791f2
4
reference_url https://liferay.atlassian.net/browse/LPE-18151
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18151
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43770
reference_id CVE-2025-43770
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-25T17:59:19Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43770
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43770
reference_id CVE-2025-43770
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43770
7
reference_url https://github.com/advisories/GHSA-h4m4-xp33-37mj
reference_id GHSA-h4m4-xp33-37mj
reference_type
scores
url https://github.com/advisories/GHSA-h4m4-xp33-37mj
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@155.0.0
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@155.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@155.0.0
aliases CVE-2025-43770, GHSA-h4m4-xp33-37mj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c659-puqg-xqba
2
url VCID-mbcw-qy83-8ua6
vulnerability_id VCID-mbcw-qy83-8ua6
summary Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
references
0
reference_url http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:57:35Z/
url http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
1
reference_url http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:57:35Z/
url http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7961
reference_id
reference_type
scores
0
value 0.94352
scoring_system epss
scoring_elements 0.99961
published_at 2026-06-05T12:55:00Z
1
value 0.94412
scoring_system epss
scoring_elements 0.99981
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7961
3
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
4
reference_url https://github.com/liferay/liferay-portal/blob/7.2.1-ga2/portal-kernel/bnd.bnd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/blob/7.2.1-ga2/portal-kernel/bnd.bnd
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7961
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7961
6
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:57:35Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities
7
reference_url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:57:35Z/
url https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
8
reference_url https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet
9
reference_url https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:57:35Z/
url https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7961
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7961
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/48332.msf
reference_id CVE-2020-7961
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/48332.msf
12
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/liferay_java_unmarshalling.rb
reference_id CVE-2020-7961
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/liferay_java_unmarshalling.rb
13
reference_url https://github.com/advisories/GHSA-w7pm-cc4v-f3g8
reference_id GHSA-w7pm-cc4v-f3g8
reference_type
scores
url https://github.com/advisories/GHSA-w7pm-cc4v-f3g8
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@4.35.3
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@4.35.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38vz-usgx-g7dv
1
vulnerability VCID-c659-puqg-xqba
2
vulnerability VCID-nac9-yhv8-73bh
3
vulnerability VCID-ykh6-phhq-rbcf
4
vulnerability VCID-yu82-8fyg-hfdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@4.35.3
aliases CVE-2020-7961, GHSA-w7pm-cc4v-f3g8
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbcw-qy83-8ua6
3
url VCID-nac9-yhv8-73bh
vulnerability_id VCID-nac9-yhv8-73bh
summary
Liferay Portal has Improper Validation of Specified Quantity in Input
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that shares the same TLD to read cookies set by the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43793
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25386
published_at 2026-06-06T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25402
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43793
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43793
reference_id CVE-2025-43793
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T15:53:26Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43793
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43793
reference_id CVE-2025-43793
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43793
4
reference_url https://github.com/advisories/GHSA-xvgg-9h29-4g34
reference_id GHSA-xvgg-9h29-4g34
reference_type
scores
url https://github.com/advisories/GHSA-xvgg-9h29-4g34
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c659-puqg-xqba
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
aliases CVE-2025-43793, GHSA-xvgg-9h29-4g34
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nac9-yhv8-73bh
4
url VCID-ykh6-phhq-rbcf
vulnerability_id VCID-ykh6-phhq-rbcf
summary
Liferay Portal has External Control of System or Configuration Settings
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from the database, which allows remote authenticated users to exfiltrate data to an attacker controlled server (i.e., a fake “live site”) via the _com_liferay_exportimport_web_portlet_ExportImportPortlet_remoteAddress and _com_liferay_exportimport_web_portlet_ExportImportPortlet_remotePort parameters. To successfully exploit this vulnerability, an attacker must also successfully obtain the staging server’s shared secret and add the attacker controlled server to the staging server’s trusted list.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43792
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20756
published_at 2026-06-06T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20769
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43792
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43792
reference_id CVE-2025-43792
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T18:08:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43792
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43792
reference_id CVE-2025-43792
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43792
4
reference_url https://github.com/advisories/GHSA-vp64-77c6-33h8
reference_id GHSA-vp64-77c6-33h8
reference_type
scores
url https://github.com/advisories/GHSA-vp64-77c6-33h8
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c659-puqg-xqba
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@130.0.1
aliases CVE-2025-43792, GHSA-vp64-77c6-33h8
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykh6-phhq-rbcf
5
url VCID-yu82-8fyg-hfdr
vulnerability_id VCID-yu82-8fyg-hfdr
summary
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3526
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58641
published_at 2026-06-06T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58634
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3526
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/429834b7cf7c131576f196466a386bb6ce764716
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/429834b7cf7c131576f196466a386bb6ce764716
3
reference_url https://github.com/liferay/liferay-portal/commit/b40fe110eb9d264c9c1a79ff77da317bbe6fa528
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b40fe110eb9d264c9c1a79ff77da317bbe6fa528
4
reference_url https://github.com/liferay/liferay-portal/commit/d9108a12269e6b27689b2fd06f66fb881c8ec894
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d9108a12269e6b27689b2fd06f66fb881c8ec894
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3526
reference_id CVE-2025-3526
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T14:41:05Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3526
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3526
reference_id CVE-2025-3526
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3526
7
reference_url https://github.com/advisories/GHSA-mf3r-6m25-3867
reference_id GHSA-mf3r-6m25-3867
reference_type
scores
url https://github.com/advisories/GHSA-mf3r-6m25-3867
fixed_packages
0
url pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
purl pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c659-puqg-xqba
1
vulnerability VCID-nac9-yhv8-73bh
2
vulnerability VCID-ykh6-phhq-rbcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@38.0.0
aliases CVE-2025-3526, GHSA-mf3r-6m25-3867
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu82-8fyg-hfdr
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.kernel@2.112.0