Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

Type maven

Namespace com.liferay.portal

Name release.portal.bom

Version 7.4.3.120

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-27a1-teqk-cbe2

vulnerability_id

VCID-27a1-teqk-cbe2

summary

Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript through Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43776

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13928
published_at	2026-06-05T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13895
published_at	2026-06-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13932
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43776

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-18277

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18277

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776

reference_id

CVE-2025-43776

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T15:04:48Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43776

reference_id

CVE-2025-43776

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43776

reference_url	https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
reference_id	GHSA-rcc7-jx7p-hrv4
reference_type
scores
url	https://github.com/advisories/GHSA-rcc7-jx7p-hrv4

fixed_packages

aliases

CVE-2025-43776, GHSA-rcc7-jx7p-hrv4

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-27a1-teqk-cbe2

url

VCID-2dra-x6f5-xybz

vulnerability_id

VCID-2dra-x6f5-xybz

summary

Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the PortalUtil.escapeRedirect

references

reference_url

http://github.com/liferay/liferay-portal/commit/58b365ffe2f088b308cfae207474ade3e143bbf9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/liferay/liferay-portal/commit/58b365ffe2f088b308cfae207474ade3e143bbf9

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43760

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15326
published_at	2026-06-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15367
published_at	2026-06-06T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15376
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43760

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/7a1a7f0359e99be27ca04dab119e867c2263f040

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7a1a7f0359e99be27ca04dab119e867c2263f040

reference_url

https://github.com/liferay/liferay-portal/commit/7c742f32f536dadfdbcad68acd20c63363728a25

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7c742f32f536dadfdbcad68acd20c63363728a25

reference_url

https://github.com/liferay/liferay-portal/commit/8f5989233fe36261df8e7bb356b1cc833ba4f34e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/8f5989233fe36261df8e7bb356b1cc833ba4f34e

reference_url

https://github.com/liferay/liferay-portal/commit/9485d39fa2b66cfc075b16fddaafa9fca64a5687

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9485d39fa2b66cfc075b16fddaafa9fca64a5687

reference_url

https://github.com/liferay/liferay-portal/commit/aa88fd90657cd83d92ed2e6fbcbc28e5cf7e3fca

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/aa88fd90657cd83d92ed2e6fbcbc28e5cf7e3fca

reference_url

https://github.com/liferay/liferay-portal/commit/c457c6d72685db48ed07562a33c67d7998e88b27

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/c457c6d72685db48ed07562a33c67d7998e88b27

reference_url

https://github.com/liferay/liferay-portal/commit/ddd3a57cd5d3a8891673491b8b6cb680dff1f3c5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ddd3a57cd5d3a8891673491b8b6cb680dff1f3c5

reference_url

https://liferay.atlassian.net/browse/LPE-18156

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18156

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43760

reference_id

CVE-2025-43760

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T18:00:22Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43760

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43760

reference_id

CVE-2025-43760

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43760

reference_url	https://github.com/advisories/GHSA-fvqv-593q-qp8r
reference_id	GHSA-fvqv-593q-qp8r
reference_type
scores
url	https://github.com/advisories/GHSA-fvqv-593q-qp8r

fixed_packages

aliases

CVE-2025-43760, GHSA-fvqv-593q-qp8r

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2dra-x6f5-xybz

url VCID-2mtb-mdha-qufv

vulnerability_id VCID-2mtb-mdha-qufv

summary

Liferay Portal Vulnerable to Cross-Site Request Forgery
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43748

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10059
published_at	2026-06-05T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10966
published_at	2026-06-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43748

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-17839

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17839

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748

reference_id

CVE-2025-43748

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43748

reference_id

CVE-2025-43748

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43748

reference_url	https://github.com/advisories/GHSA-p9gc-59hf-x48p
reference_id	GHSA-p9gc-59hf-x48p
reference_type
scores
url	https://github.com/advisories/GHSA-p9gc-59hf-x48p

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u1pr-9cpx-q3hg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-csnj-331s-43ea

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125

aliases CVE-2025-43748, GHSA-p9gc-59hf-x48p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mtb-mdha-qufv

url

VCID-434b-p73k-5fam

vulnerability_id

VCID-434b-p73k-5fam

summary

Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43746

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12686
published_at	2026-06-05T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12658
published_at	2026-06-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1269
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43746

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/5ca8331da4503ae336818a747e43817066f27b73

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5ca8331da4503ae336818a747e43817066f27b73

reference_url

https://github.com/liferay/liferay-portal/commit/7ac0f245435a18e42291186907ad6dbf0e4e8a43

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7ac0f245435a18e42291186907ad6dbf0e4e8a43

reference_url

https://github.com/liferay/liferay-portal/commit/c4c34a13094356160474c06c3a115723d97f75ab

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/c4c34a13094356160474c06c3a115723d97f75ab

reference_url

https://liferay.atlassian.net/browse/LPE-18244

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18244

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43746

reference_id

CVE-2025-43746

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T18:53:24Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43746

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43746

reference_id

CVE-2025-43746

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43746

reference_url	https://github.com/advisories/GHSA-mpww-r37c-vxjw
reference_id	GHSA-mpww-r37c-vxjw
reference_type
scores
url	https://github.com/advisories/GHSA-mpww-r37c-vxjw

fixed_packages

aliases

CVE-2025-43746, GHSA-mpww-r37c-vxjw

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-434b-p73k-5fam

url

VCID-4kym-jhtn-cfa3

vulnerability_id

VCID-4kym-jhtn-cfa3

summary

Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScrip in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43741

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.14024
published_at	2026-06-06T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13987
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43741

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/264f4f91aa4f8373c5a9cc44420edf1689384cbb

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/264f4f91aa4f8373c5a9cc44420edf1689384cbb

reference_url

https://liferay.atlassian.net/browse/LPE-18193

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18193

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43741

reference_id

CVE-2025-43741

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:16:53Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43741

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43741

reference_id

CVE-2025-43741

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43741

reference_url	https://github.com/advisories/GHSA-j6p8-g3rj-ghpm
reference_id	GHSA-j6p8-g3rj-ghpm
reference_type
scores
url	https://github.com/advisories/GHSA-j6p8-g3rj-ghpm

fixed_packages

aliases

CVE-2025-43741, GHSA-j6p8-g3rj-ghpm

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4kym-jhtn-cfa3

url

VCID-4xqq-69ab-1qew

vulnerability_id

VCID-4xqq-69ab-1qew

summary

Liferay Portal Username Enumeration Vulnerability
Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.

references

reference_url

http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43754

reference_id

reference_type

scores

value	0.00078
scoring_system	epss
scoring_elements	0.23393
published_at	2026-06-06T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23405
published_at	2026-06-05T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2465
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43754

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d

reference_url

https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f29

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f29

reference_url

https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada6

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada6

reference_url

https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d7

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d7

reference_url

https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e

reference_url

https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b4

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b4

reference_url

https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e

reference_url

https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa431

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa431

reference_url

https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e652

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e652

reference_url

https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d3

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d3

reference_url

https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a9

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a9

reference_url

https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f58799

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f58799

reference_url

https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac3

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac3

reference_url

https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f79

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f79

reference_url

https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb

reference_url

https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a8695832

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a8695832

reference_url

https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac

reference_url

https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b

reference_url

https://liferay.atlassian.net/browse/LPE-18149

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18149

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754

reference_id

CVE-2025-43754

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T20:01:22Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43754

reference_id

CVE-2025-43754

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43754

reference_url	https://github.com/advisories/GHSA-x7p4-v8mj-6fxx
reference_id	GHSA-x7p4-v8mj-6fxx
reference_type
scores
url	https://github.com/advisories/GHSA-x7p4-v8mj-6fxx

fixed_packages

aliases

CVE-2025-43754, GHSA-x7p4-v8mj-6fxx

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqq-69ab-1qew

url

VCID-8xx2-vtnr-dubu

vulnerability_id

VCID-8xx2-vtnr-dubu

summary

Liferay Portal Login Bypass Vulnerability
Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3639

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13738
published_at	2026-06-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13777
published_at	2026-06-06T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13774
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3639

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05

reference_url

https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78

reference_url

https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7

reference_url

https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518

reference_url

https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb

reference_url

https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2

reference_url

https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc

reference_url

https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f

reference_url

https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67

reference_url

https://liferay.atlassian.net/browse/LPE-18212

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18212

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639

reference_id

CVE-2025-3639

reference_type

scores

value	2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T19:51:41Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-3639

reference_id

CVE-2025-3639

reference_type

scores

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3639

reference_url	https://github.com/advisories/GHSA-g4wg-mpfg-x2q6
reference_id	GHSA-g4wg-mpfg-x2q6
reference_type
scores
url	https://github.com/advisories/GHSA-g4wg-mpfg-x2q6

fixed_packages

aliases

CVE-2025-3639, GHSA-g4wg-mpfg-x2q6

risk_score

1.4

exploitability

0.5

weighted_severity

2.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-8xx2-vtnr-dubu

url VCID-brjh-tyur-ebc8

vulnerability_id VCID-brjh-tyur-ebc8

summary

Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43785

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.1281
published_at	2026-06-05T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12775
published_at	2026-06-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12815
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43785

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/5f1a7c347c81f05848f032a9e25cbc9abaab05ff

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5f1a7c347c81f05848f032a9e25cbc9abaab05ff

reference_url

https://liferay.atlassian.net/browse/LPE-18074

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18074

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43785

reference_id

CVE-2025-43785

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:50:21Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43785

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43785

reference_id

CVE-2025-43785

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43785

reference_url	https://github.com/advisories/GHSA-66x6-8jgv-qpfh
reference_id	GHSA-66x6-8jgv-qpfh
reference_type
scores
url	https://github.com/advisories/GHSA-66x6-8jgv-qpfh

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

aliases CVE-2025-43785, GHSA-66x6-8jgv-qpfh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brjh-tyur-ebc8

url

VCID-by7b-2zr9-y3dj

vulnerability_id

VCID-by7b-2zr9-y3dj

summary

Liferay Portal CSRF Vulnerability via Endpoint Parameter
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to performs cross-origin request on behalf of the authenticated user via the endpoint parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43745

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.111
published_at	2026-06-05T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1106
published_at	2026-06-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11093
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43745

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/037b58f96c9ded47960ab493a68d68aaf32b1a43

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/037b58f96c9ded47960ab493a68d68aaf32b1a43

reference_url

https://github.com/liferay/liferay-portal/commit/2387ee78fd471ea1c1c4d696aa0cbb1bce72665e

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/2387ee78fd471ea1c1c4d696aa0cbb1bce72665e

reference_url

https://github.com/liferay/liferay-portal/commit/729dfc202c9d2724b5f3f749ead14eb13832e101

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/729dfc202c9d2724b5f3f749ead14eb13832e101

reference_url

https://liferay.atlassian.net/browse/LPE-18275

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18275

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745

reference_id

CVE-2025-43745

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-19T19:15:28Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43745

reference_id

CVE-2025-43745

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43745

reference_url	https://github.com/advisories/GHSA-7q33-gwcm-r6cj
reference_id	GHSA-7q33-gwcm-r6cj
reference_type
scores
url	https://github.com/advisories/GHSA-7q33-gwcm-r6cj

fixed_packages

aliases

CVE-2025-43745, GHSA-7q33-gwcm-r6cj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-by7b-2zr9-y3dj

url

VCID-ca62-h2qv-v7bg

vulnerability_id

VCID-ca62-h2qv-v7bg

summary

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
An SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4655

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37665
published_at	2026-06-05T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37637
published_at	2026-06-07T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37668
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4655

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655

reference_id

CVE-2025-4655

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:11Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-4655

reference_id

CVE-2025-4655

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-4655

reference_url	https://github.com/advisories/GHSA-c6g5-g6r7-q4j6
reference_id	GHSA-c6g5-g6r7-q4j6
reference_type
scores
url	https://github.com/advisories/GHSA-c6g5-g6r7-q4j6

fixed_packages

aliases

CVE-2025-4655, GHSA-c6g5-g6r7-q4j6

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ca62-h2qv-v7bg

url VCID-csnj-331s-43ea

vulnerability_id VCID-csnj-331s-43ea

summary

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's layout-taglib/__liferay__/index.js allows remote attackers to inject arbitrary web script or HTML via toastData parameter

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2536

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.40096
published_at	2026-06-05T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40071
published_at	2026-06-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40099
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2536

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536

reference_id

CVE-2025-2536

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-19T19:34:44Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-2536

reference_id

CVE-2025-2536

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-2536

reference_url	https://github.com/advisories/GHSA-hrc4-p2h3-pjqw
reference_id	GHSA-hrc4-p2h3-pjqw
reference_type
scores
url	https://github.com/advisories/GHSA-hrc4-p2h3-pjqw

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

aliases CVE-2025-2536, GHSA-hrc4-p2h3-pjqw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csnj-331s-43ea

url VCID-ebzh-bpks-5qe2

vulnerability_id VCID-ebzh-bpks-5qe2

summary

Liferay Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3760

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.363
published_at	2026-06-05T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36271
published_at	2026-06-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36309
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3760

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760

reference_id

CVE-2025-3760

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-3760

reference_id

CVE-2025-3760

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3760

reference_url	https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
reference_id	GHSA-qhp6-vp7c-g7xp
reference_type
scores
url	https://github.com/advisories/GHSA-qhp6-vp7c-g7xp

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

aliases CVE-2025-3760, GHSA-qhp6-vp7c-g7xp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzh-bpks-5qe2

url

VCID-evap-nt9g-akf6

vulnerability_id

VCID-evap-nt9g-akf6

summary

Liferay Portal Vulnerable to Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43731

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15376
published_at	2026-06-05T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15326
published_at	2026-06-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15367
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43731

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/41708aa542c103521427ecf06f4b20cb37c65ecf

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/41708aa542c103521427ecf06f4b20cb37c65ecf

reference_url

https://github.com/liferay/liferay-portal/commit/cd1c692dfed3bbebe10074ecb89c561893fffaf9

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/cd1c692dfed3bbebe10074ecb89c561893fffaf9

reference_url

https://github.com/liferay/liferay-portal/commit/f23921fc93cf713f27ed9c4d31b8c1854c0e2abb

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f23921fc93cf713f27ed9c4d31b8c1854c0e2abb

reference_url

https://liferay.atlassian.net/browse/LPE-18217

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18217

reference_url

https://liferay.atlassian.net/browse/LPE-18219

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18219

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43731

reference_id

CVE-2025-43731

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-18T18:37:36Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43731

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43731

reference_id

CVE-2025-43731

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43731

reference_url	https://github.com/advisories/GHSA-3p2m-574v-v257
reference_id	GHSA-3p2m-574v-v257
reference_type
scores
url	https://github.com/advisories/GHSA-3p2m-574v-v257

fixed_packages

aliases

CVE-2025-43731, GHSA-3p2m-574v-v257

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-evap-nt9g-akf6

url

VCID-g41m-xvk2-xfda

vulnerability_id

VCID-g41m-xvk2-xfda

summary

Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43734

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15326
published_at	2026-06-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15367
published_at	2026-06-06T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15376
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43734

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f

reference_url

https://liferay.atlassian.net/browse/LPE-18234

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18234

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734

reference_id

CVE-2025-43734

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T19:00:01Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43734

reference_id

CVE-2025-43734

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43734

reference_url	https://github.com/advisories/GHSA-m5c7-5gv3-hcpf
reference_id	GHSA-m5c7-5gv3-hcpf
reference_type
scores
url	https://github.com/advisories/GHSA-m5c7-5gv3-hcpf

fixed_packages

aliases

CVE-2025-43734, GHSA-m5c7-5gv3-hcpf

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-g41m-xvk2-xfda

url

VCID-ggmh-6ef8-7ufj

vulnerability_id

VCID-ggmh-6ef8-7ufj

summary

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web component due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4581

reference_id

reference_type

scores

value	0.00195
scoring_system	epss
scoring_elements	0.41279
published_at	2026-06-05T12:55:00Z

value	0.00195
scoring_system	epss
scoring_elements	0.41252
published_at	2026-06-07T12:55:00Z

value	0.00195
scoring_system	epss
scoring_elements	0.41283
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4581

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581

reference_id

CVE-2025-4581

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:25Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-4581

reference_id

CVE-2025-4581

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-4581

reference_url	https://github.com/advisories/GHSA-6v93-frf9-2rp8
reference_id	GHSA-6v93-frf9-2rp8
reference_type
scores
url	https://github.com/advisories/GHSA-6v93-frf9-2rp8

fixed_packages

aliases

CVE-2025-4581, GHSA-6v93-frf9-2rp8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ggmh-6ef8-7ufj

url

VCID-gyge-7d5c-6uhz

vulnerability_id

VCID-gyge-7d5c-6uhz

summary

Liferay Portal's Unlimited File Upload Could Result in DoS
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the object entries attachment fields, the files are stored in the document_library allowing an attacker to cause a potential DDoS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43752

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28956
published_at	2026-06-05T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.28884
published_at	2026-06-07T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.2892
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43752

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/45dda30252d83912307491d8ed8802577871fa25

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/45dda30252d83912307491d8ed8802577871fa25

reference_url

https://github.com/liferay/liferay-portal/commit/f3e4723acdf15d3f690d401d6eb6a5653e5be391

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f3e4723acdf15d3f690d401d6eb6a5653e5be391

reference_url

https://github.com/liferay/liferay-portal/commit/fffed67b3fd1cc6071fd25a9b104b7691ffea2f8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/fffed67b3fd1cc6071fd25a9b104b7691ffea2f8

reference_url

https://liferay.atlassian.net/browse/LPE-18188

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18188

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43752

reference_id

CVE-2025-43752

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T11:27:55Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43752

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43752

reference_id

CVE-2025-43752

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43752

reference_url	https://github.com/advisories/GHSA-qpp6-f3qj-rggq
reference_id	GHSA-qpp6-f3qj-rggq
reference_type
scores
url	https://github.com/advisories/GHSA-qpp6-f3qj-rggq

fixed_packages

aliases

CVE-2025-43752, GHSA-qpp6-f3qj-rggq

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-gyge-7d5c-6uhz

url

VCID-j3pc-gwg6-qfbs

vulnerability_id

VCID-j3pc-gwg6-qfbs

summary

Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43744

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15864
published_at	2026-06-07T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15904
published_at	2026-06-06T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15915
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43744

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/3b36fadfe92437deab4a55029a1a369e046f3829

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/3b36fadfe92437deab4a55029a1a369e046f3829

reference_url

https://github.com/liferay/liferay-portal/commit/c07a490b3d3759f38c5473cda74e99540bd0235e

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/c07a490b3d3759f38c5473cda74e99540bd0235e

reference_url

https://liferay.atlassian.net/browse/LPE-18271

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18271

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744

reference_id

CVE-2025-43744

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:14:31Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43744

reference_id

CVE-2025-43744

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43744

reference_url	https://github.com/advisories/GHSA-m49p-6cjp-x2h3
reference_id	GHSA-m49p-6cjp-x2h3
reference_type
scores
url	https://github.com/advisories/GHSA-m49p-6cjp-x2h3

fixed_packages

aliases

CVE-2025-43744, GHSA-m49p-6cjp-x2h3

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j3pc-gwg6-qfbs

url

VCID-ksvn-b6hv-hfa7

vulnerability_id

VCID-ksvn-b6hv-hfa7

summary

Liferay Portal Enumeration Discrepancy in Calendars
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, given an attacker the possibility to send phishing to these users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43743

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23899
published_at	2026-06-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.2395
published_at	2026-06-06T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23967
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43743

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/02528147664475cd9f7205cd8bc05dfd43832201

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/02528147664475cd9f7205cd8bc05dfd43832201

reference_url

https://github.com/liferay/liferay-portal/commit/144e4a276e456c4b7a0831ff038241f82a9181db

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/144e4a276e456c4b7a0831ff038241f82a9181db

reference_url

https://github.com/liferay/liferay-portal/commit/1513ed29f830c9119ee6be623ae783e545da4845

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1513ed29f830c9119ee6be623ae783e545da4845

reference_url

https://github.com/liferay/liferay-portal/commit/1e368205c710403e76749e38127419780acdda9d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1e368205c710403e76749e38127419780acdda9d

reference_url

https://github.com/liferay/liferay-portal/commit/7d6e1bccb62a41e944e0459d2c4b1eb9fdb31b8e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/7d6e1bccb62a41e944e0459d2c4b1eb9fdb31b8e

reference_url

https://github.com/liferay/liferay-portal/commit/9a88f7fa98f9fc11a9eab444a256204cccc82b77

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9a88f7fa98f9fc11a9eab444a256204cccc82b77

reference_url

https://github.com/liferay/liferay-portal/commit/9aba859a6956786bcd8ce434ef063eed01b5ec6e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9aba859a6956786bcd8ce434ef063eed01b5ec6e

reference_url

https://github.com/liferay/liferay-portal/commit/bd89933cc9022a98fc34b562ce3573a58f14cf38

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/bd89933cc9022a98fc34b562ce3573a58f14cf38

reference_url

https://github.com/liferay/liferay-portal/commit/d999a8e1902e88fdd7a26758f137925d969a639d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d999a8e1902e88fdd7a26758f137925d969a639d

reference_url

https://liferay.atlassian.net/browse/LPE-18206

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18206

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743

reference_id

CVE-2025-43743

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T19:28:02Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43743

reference_id

CVE-2025-43743

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43743

reference_url	https://github.com/advisories/GHSA-g4vp-4gqr-7v8c
reference_id	GHSA-g4vp-4gqr-7v8c
reference_type
scores
url	https://github.com/advisories/GHSA-g4vp-4gqr-7v8c

fixed_packages

aliases

CVE-2025-43743, GHSA-g4vp-4gqr-7v8c

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ksvn-b6hv-hfa7

url VCID-nhp5-61h7-ryf4

vulnerability_id VCID-nhp5-61h7-ryf4

summary

Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43735

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.21664
published_at	2026-06-05T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21605
published_at	2026-06-07T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.2165
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43735

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb

reference_url

https://liferay.atlassian.net/browse/LPE-18158

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18158

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735

reference_id

CVE-2025-43735

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-12T13:31:05Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43735

reference_id

CVE-2025-43735

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43735

reference_url	https://github.com/advisories/GHSA-222w-xmc5-jhp3
reference_id	GHSA-222w-xmc5-jhp3
reference_type
scores
url	https://github.com/advisories/GHSA-222w-xmc5-jhp3

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132

aliases CVE-2025-43735, GHSA-222w-xmc5-jhp3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhp5-61h7-ryf4

url

VCID-s86p-ew9a-rkgt

vulnerability_id

VCID-s86p-ew9a-rkgt

summary

Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
A Denial Of Service via File Upload (DOS) vulnerability in Liferay Portal 7.4.3.0 through 7.4.3.132, Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload a profile picture of more than 300kb into a user profile. This size is more than the noted max 300kb size. This extra data can significantly slow down the Liferay service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43736

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46765
published_at	2026-06-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46783
published_at	2026-06-06T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.4678
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43736

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d

reference_url

https://liferay.atlassian.net/browse/LPE-18220

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18220

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736

reference_id

CVE-2025-43736

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:15:44Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43736

reference_id

CVE-2025-43736

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43736

reference_url	https://github.com/advisories/GHSA-cg99-m88x-422c
reference_id	GHSA-cg99-m88x-422c
reference_type
scores
url	https://github.com/advisories/GHSA-cg99-m88x-422c

fixed_packages

aliases

CVE-2025-43736, GHSA-cg99-m88x-422c

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-s86p-ew9a-rkgt

url VCID-sw28-urg9-tqgd

vulnerability_id VCID-sw28-urg9-tqgd

summary

Liferay Portal and Liferay DXP Reveals Data via Forms
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2565

reference_id

reference_type

scores

value	0.00356
scoring_system	epss
scoring_elements	0.58201
published_at	2026-06-05T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.58198
published_at	2026-06-07T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.5821
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2565

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565

reference_id

CVE-2025-2565

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:33Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-2565

reference_id

CVE-2025-2565

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-2565

reference_url	https://github.com/advisories/GHSA-9fcg-wrp8-qhr4
reference_id	GHSA-9fcg-wrp8-qhr4
reference_type
scores
url	https://github.com/advisories/GHSA-9fcg-wrp8-qhr4

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-u1pr-9cpx-q3hg

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129

aliases CVE-2025-2565, GHSA-9fcg-wrp8-qhr4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw28-urg9-tqgd

url

VCID-w7z4-h1ug-z3cq

vulnerability_id

VCID-w7z4-h1ug-z3cq

summary

Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43757

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12658
published_at	2026-06-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1269
published_at	2026-06-06T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12686
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43757

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/0114bb60238e5ac74b90fba37fa9748c4e6c114a

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/0114bb60238e5ac74b90fba37fa9748c4e6c114a

reference_url

https://github.com/liferay/liferay-portal/commit/0837982b91c5f9e837ec11a93f7e0986e00738fa

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/0837982b91c5f9e837ec11a93f7e0986e00738fa

reference_url

https://github.com/liferay/liferay-portal/commit/45492d30bad4084f36e87ef11c29a5bf5fb4046d

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/45492d30bad4084f36e87ef11c29a5bf5fb4046d

reference_url

https://github.com/liferay/liferay-portal/commit/90396a201d05be5840f99f7487578aab253dfa87

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/90396a201d05be5840f99f7487578aab253dfa87

reference_url

https://github.com/liferay/liferay-portal/commit/9e0026c8aa444937a2bfd079bcca35ab3dd18f5a

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9e0026c8aa444937a2bfd079bcca35ab3dd18f5a

reference_url

https://github.com/liferay/liferay-portal/commit/cc46176ba4142f470d540f2343b36f12a678a240

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/cc46176ba4142f470d540f2343b36f12a678a240

reference_url

https://github.com/liferay/liferay-portal/commit/d001c5ba8a1477755d7d83b8a00aba23036b045b

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d001c5ba8a1477755d7d83b8a00aba23036b045b

reference_url

https://github.com/liferay/liferay-portal/commit/e83d102bf00af3aa4396c1fc5a1d6b3842ccaeb1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/e83d102bf00af3aa4396c1fc5a1d6b3842ccaeb1

reference_url

https://liferay.atlassian.net/browse/LPE-18259

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18259

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43757

reference_id

CVE-2025-43757

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T20:00:20Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43757

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43757

reference_id

CVE-2025-43757

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43757

reference_url	https://github.com/advisories/GHSA-62pf-hcwj-rcfc
reference_id	GHSA-62pf-hcwj-rcfc
reference_type
scores
url	https://github.com/advisories/GHSA-62pf-hcwj-rcfc

fixed_packages

aliases

CVE-2025-43757, GHSA-62pf-hcwj-rcfc

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-w7z4-h1ug-z3cq

url

VCID-wpqk-8fd9-p3ex

vulnerability_id

VCID-wpqk-8fd9-p3ex

summary

Liferay Portal Unauthenticated File Access via URL
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43749

reference_id

reference_type

scores

value	0.0013
scoring_system	epss
scoring_elements	0.32039
published_at	2026-06-05T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33993
published_at	2026-06-07T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34026
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43749

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/5919534a979a97444172f49705b7a224e372e625

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/5919534a979a97444172f49705b7a224e372e625

reference_url

https://github.com/liferay/liferay-portal/commit/b88e7e0912d27cc166fc788b642616ece9e8c484

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/b88e7e0912d27cc166fc788b642616ece9e8c484

reference_url

https://liferay.atlassian.net/browse/LPE-18176

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18176

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43749

reference_id

CVE-2025-43749

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:12:36Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43749

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43749

reference_id

CVE-2025-43749

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43749

reference_url	https://github.com/advisories/GHSA-5fx5-cff6-f3fp
reference_id	GHSA-5fx5-cff6-f3fp
reference_type
scores
url	https://github.com/advisories/GHSA-5fx5-cff6-f3fp

fixed_packages

aliases

CVE-2025-43749, GHSA-5fx5-cff6-f3fp

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wpqk-8fd9-p3ex

Fixing_vulnerabilities

url VCID-2bcr-bxek-skfq

vulnerability_id VCID-2bcr-bxek-skfq

summary

Liferay Portal vulnerable to password enumeration
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62257

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.0398
published_at	2026-06-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03992
published_at	2026-06-06T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03995
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62257

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/45cffd5030ab78e8b005d9cfd6284311da978c68

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/45cffd5030ab78e8b005d9cfd6284311da978c68

reference_url

https://github.com/liferay/liferay-portal/commit/924a0a47007665693fe2d29623cb48a426a80266

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/924a0a47007665693fe2d29623cb48a426a80266

reference_url

https://github.com/liferay/liferay-portal/commit/d21627ac07561c5063f611be631e63ff502ec8e7

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/d21627ac07561c5063f611be631e63ff502ec8e7

reference_url

https://liferay.atlassian.net/browse/LPE-17692

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17692

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257

reference_id

CVE-2025-62257

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:08:10Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62257

reference_id

CVE-2025-62257

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62257

reference_url

https://github.com/advisories/GHSA-8hw3-ghwv-crfh

reference_id

GHSA-8hw3-ghwv-crfh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hw3-ghwv-crfh

fixed_packages

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-csnj-331s-43ea

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

aliases CVE-2025-62257, GHSA-8hw3-ghwv-crfh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bcr-bxek-skfq

url VCID-rns1-e6pd-tkex

vulnerability_id VCID-rns1-e6pd-tkex

summary

Liferay Portal Vulnerable to XSS in Web Content translation
Stored Cross-site Scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43826

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10166
published_at	2026-06-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10198
published_at	2026-06-06T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.10177
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43826

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://liferay.atlassian.net/browse/LPE-17939

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17939

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826

reference_id

CVE-2025-43826

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T15:03:14Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43826

reference_id

CVE-2025-43826

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43826

reference_url

https://github.com/advisories/GHSA-qh92-cr5f-3595

reference_id

GHSA-qh92-cr5f-3595

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qh92-cr5f-3595

fixed_packages

url	pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113
purl	pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113

url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27a1-teqk-cbe2

vulnerability	VCID-2dra-x6f5-xybz

vulnerability	VCID-2mtb-mdha-qufv

vulnerability	VCID-434b-p73k-5fam

vulnerability	VCID-4kym-jhtn-cfa3

vulnerability	VCID-4xqq-69ab-1qew

vulnerability	VCID-8xx2-vtnr-dubu

vulnerability	VCID-brjh-tyur-ebc8

vulnerability	VCID-by7b-2zr9-y3dj

vulnerability	VCID-ca62-h2qv-v7bg

vulnerability	VCID-csnj-331s-43ea

vulnerability	VCID-ebzh-bpks-5qe2

vulnerability	VCID-evap-nt9g-akf6

vulnerability	VCID-g41m-xvk2-xfda

vulnerability	VCID-ggmh-6ef8-7ufj

vulnerability	VCID-gyge-7d5c-6uhz

vulnerability	VCID-j3pc-gwg6-qfbs

vulnerability	VCID-ksvn-b6hv-hfa7

vulnerability	VCID-nhp5-61h7-ryf4

vulnerability	VCID-s86p-ew9a-rkgt

vulnerability	VCID-sw28-urg9-tqgd

vulnerability	VCID-w7z4-h1ug-z3cq

vulnerability	VCID-wpqk-8fd9-p3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

aliases CVE-2025-43826, GHSA-qh92-cr5f-3595

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rns1-e6pd-tkex

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120

Package Instance