Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-43743

Good to know:

icon

Date: August 19, 2025

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, given an attacker the possibility to send phishing to these users.

Severity Score

Related Resources (14)

https://github.com/liferay/liferay-portal
https://github.com/liferay/liferay-portal/commit/1e368205c710403e76749e38127419780acdda9d
https://github.com/liferay/liferay-portal/commit/1513ed29f830c9119ee6be623ae783e545da4845
https://github.com/liferay/liferay-portal/commit/9aba859a6956786bcd8ce434ef063eed01b5ec6e
https://github.com/liferay/liferay-portal/commit/144e4a276e456c4b7a0831ff038241f82a9181db
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743
https://github.com/liferay/liferay-portal/commit/7d6e1bccb62a41e944e0459d2c4b1eb9fdb31b8e
https://nvd.nist.gov/vuln/detail/CVE-2025-43743
https://github.com/liferay/liferay-portal/commit/9a88f7fa98f9fc11a9eab444a256204cccc82b77
https://github.com/liferay/liferay-portal/commit/d999a8e1902e88fdd7a26758f137925d969a639d
https://github.com/liferay/liferay-portal/commit/bd89933cc9022a98fc34b562ce3573a58f14cf38
https://github.com/liferay/liferay-portal/commit/02528147664475cd9f7205cd8bc05dfd43832201
https://liferay.atlassian.net/browse/LPE-18206
https://www.mend.io/vulnerability-database/CVE-2025-43743

Severity Score

Weakness Type (CWE)

Observable Discrepancy

CWE-203

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us