Home > Vulnerability Database > CVE-2025-43751

Mend.io Vulnerability Database

CVE-2025-43751

Good to know:

Date: August 22, 2025

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92 allows remote attackers to determine if an account exist in the application via the create account page.

Severity Score

5.8

Related Resources (13)

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43751

Url: https://github.com/liferay/liferay-portal/commit/7e9e29a9dac8e5b6db6f2a480c98b483584b2f87

Url: https://liferay.atlassian.net/browse/LPE-18203

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/4843e000995ef5fbe4e4f14dce23c2f3116940de

Url: https://github.com/liferay/liferay-portal/commit/097597e31b596295cb993bac596a42f06ac1e6d8

Url: https://github.com/liferay/liferay-portal/commit/4f3b52bc92875cd0a0958ea33dece09b8224e6dc

Url: https://github.com/liferay/liferay-portal/commit/609104647a5a0bb79627ef689a2f8dc9fe9fbb05

Url: https://github.com/liferay/liferay-portal/commit/1205e7bbcc31c40180935044d39ebf158b5256e1

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43751

Url: https://github.com/liferay/liferay-portal/commit/7b8376791cfe22bfce14e5f241af1d158d535fd8

Url: https://github.com/liferay/liferay-portal/commit/4987ff8641b970db3dca14d75bb9687120107c3b

Url: https://www.mend.io/vulnerability-database/CVE-2025-43751

Severity Score

5.8

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.login.web:6.0.66

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43751

Good to know:

Date: August 22, 2025

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?