{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88521?format=json","vulnerability_id":"VCID-eb9n-cwf1-fbga","summary":"Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.","aliases":[{"alias":"CVE-2025-43813"},{"alias":"GHSA-2hm7-r8f3-423h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33995?format=json","purl":"pkg:maven/com.liferay.portal/com.liferay.portal.impl@96.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/com.liferay.portal.impl@96.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27881?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.0-ga1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4m1t-nd28-43b2"},{"vulnerability":"VCID-55fq-h94e-kuep"},{"vulnerability":"VCID-5ytw-d875-3yfe"},{"vulnerability":"VCID-69x9-5buz-1yht"},{"vulnerability":"VCID-6f8z-s1fz-57b2"},{"vulnerability":"VCID-7bjy-2h8a-ukbe"},{"vulnerability":"VCID-eb9n-cwf1-fbga"},{"vulnerability":"VCID-ext6-8u2c-xufv"},{"vulnerability":"VCID-gfwc-qjpr-6fgf"},{"vulnerability":"VCID-hqwn-t5mr-13ab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.0-ga1"},{"url":"http://public2.vulnerablecode.io/api/packages/33999?format=json","purl":"pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.107-ga107","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eb9n-cwf1-fbga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.107-ga107"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43813","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41877","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43813"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/7acad68976e831a0f3b855752ad7874e03be1d43","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/7acad68976e831a0f3b855752ad7874e03be1d43"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9159075ede8a1656bf67a893a486c93a9e9fe70a","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9159075ede8a1656bf67a893a486c93a9e9fe70a"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/9be57d358ae0f6181a138ce08f52b80e4b14778a","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/9be57d358ae0f6181a138ce08f52b80e4b14778a"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17865","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17865"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43813","reference_id":"CVE-2025-43813","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:45:14Z/"}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43813"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43813","reference_id":"CVE-2025-43813","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43813"},{"reference_url":"https://github.com/advisories/GHSA-2hm7-r8f3-423h","reference_id":"GHSA-2hm7-r8f3-423h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hm7-r8f3-423h"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb9n-cwf1-fbga"}