Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.runtime.impl@6.0.83

Type maven

Namespace com.liferay

Name com.liferay.portal.workflow.kaleo.runtime.impl

Version 6.0.83

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.93

Latest_non_vulnerable_version 6.0.93

Affected_by_vulnerabilities

url VCID-un4y-3x12-xba8

vulnerability_id VCID-un4y-3x12-xba8

summary

Liferay Portal allows improper access through the expandoTableLocalService
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43773

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2207
published_at	2026-06-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22117
published_at	2026-06-06T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22024
published_at	2026-06-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22132
published_at	2026-06-05T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22014
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43773

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/1cbc4b615c270ce986b7fa1835ed196a11ac3234

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/1cbc4b615c270ce986b7fa1835ed196a11ac3234

reference_url

https://github.com/liferay/liferay-portal/commit/58849cc83348af289944c874301e16e039ae4270

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/58849cc83348af289944c874301e16e039ae4270

reference_url

https://github.com/liferay/liferay-portal/commit/8eacaaa1e3552648a3e4a0975731641087d186af

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/8eacaaa1e3552648a3e4a0975731641087d186af

reference_url

https://github.com/liferay/liferay-portal/commit/9f56b195aec5c1c904242206d61f3fe412701941

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9f56b195aec5c1c904242206d61f3fe412701941

reference_url

https://github.com/liferay/liferay-portal/commit/f33cda648a9082567d7de06c27ba9d3583ee8ff5

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/f33cda648a9082567d7de06c27ba9d3583ee8ff5

reference_url

https://liferay.atlassian.net/browse/LPE-18262

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-18262

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

reference_id

CVE-2025-43773

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-29T19:07:38Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43773

reference_id

CVE-2025-43773

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43773

reference_url

https://github.com/advisories/GHSA-876g-49r6-33qj

reference_id

GHSA-876g-49r6-33qj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-876g-49r6-33qj

fixed_packages

url	pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.runtime.impl@6.0.93
purl	pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.runtime.impl@6.0.93
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.runtime.impl@6.0.93

aliases CVE-2025-43773, GHSA-876g-49r6-33qj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-un4y-3x12-xba8

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.runtime.impl@6.0.83

Package Instance