Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.commerce/com.liferay.commerce.service@11.0.70

Type maven

Namespace com.liferay.commerce

Name com.liferay.commerce.service

Version 11.0.70

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 11.0.164

Latest_non_vulnerable_version 11.0.164

Affected_by_vulnerabilities

url VCID-3khy-zkcx-vqgf

vulnerability_id VCID-3khy-zkcx-vqgf

summary Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-43810

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22859
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-43810

reference_url

https://github.com/liferay/liferay-portal

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal

reference_url

https://github.com/liferay/liferay-portal/commit/72259fbf5a81596e99b615df480dee0b0fa3aa09

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/72259fbf5a81596e99b615df480dee0b0fa3aa09

reference_url

https://github.com/liferay/liferay-portal/commit/9fad6a23b3c04146ef80a59b056f24b17cc2e721

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/liferay/liferay-portal/commit/9fad6a23b3c04146ef80a59b056f24b17cc2e721

reference_url

https://liferay.atlassian.net/browse/LPE-17935

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://liferay.atlassian.net/browse/LPE-17935

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-43810

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-43810

reference_url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43810

reference_id

CVE-2025-43810

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-23T15:53:12Z/

url

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43810

reference_url

https://github.com/advisories/GHSA-f372-9rcj-8w2c

reference_id

GHSA-f372-9rcj-8w2c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f372-9rcj-8w2c

fixed_packages

url	pkg:maven/com.liferay.commerce/com.liferay.commerce.service@11.0.164
purl	pkg:maven/com.liferay.commerce/com.liferay.commerce.service@11.0.164
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.commerce/com.liferay.commerce.service@11.0.164

aliases CVE-2025-43810, GHSA-f372-9rcj-8w2c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3khy-zkcx-vqgf

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.commerce/com.liferay.commerce.service@11.0.70

Package Instance