Home > Vulnerability Database > CVE-2025-43739

Mend.io Vulnerability Database

CVE-2025-43739

Good to know:

Date: August 19, 2025

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent through the calendar portlet, allowing an attacker to send phishing emails to any other user in the same organization.

Severity Score

4.7

Related Resources (17)

Url: https://github.com/liferay/liferay-portal/commit/b396c00338e754976a9f63ea1d5393f29babdabb

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/75be892f7cf31e1a38555d45627b0c2a06490d3d

Url: https://github.com/liferay/liferay-portal/commit/7d70fab2259ff8b4a775021eb95bfc183823f8fc

Url: https://liferay.atlassian.net/browse/LPE-18210

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43739

Url: https://github.com/liferay/liferay-portal/commit/5dc74a9f53f0aaa6cc1b6e0f503842832324239a

Url: https://github.com/liferay/liferay-portal/commit/a01a99cc4a5c7436f49790a1bfb386299172149c

Url: https://github.com/liferay/liferay-portal/commit/7eb551616c6b8beeaf660ff7f29b09794cb80d91

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43739

Url: https://github.com/liferay/liferay-portal/commit/e50c1a0a53d30b4e55f47495e265c5b7ea3459e1

Url: https://github.com/liferay/liferay-portal/commit/ff18e7d363f2a3bc83e9d3446f1bc49bee821883

Url: https://github.com/liferay/liferay-portal/commit/ff927f3f6784b396d3a611ac2e5e99b69ff0fd05

Url: https://github.com/liferay/liferay-portal/commit/0a9f5df16ae0afa8216ca568b89b2cdf00054bde

Url: https://github.com/liferay/liferay-portal/commit/f238677d9afb46cfe4e23f05ce11bd5197a70388

Url: https://github.com/liferay/liferay-portal/commit/c1660f1a906c5ee3adca51e68f0abd6f9c1d253f

Url: https://www.mend.io/vulnerability-database/CVE-2025-43739

Severity Score

4.7

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.calendar.service:6.0.83

Learn More

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43739

Good to know:

Date: August 19, 2025

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?