Home > Vulnerability Database > CVE-2025-43759

Mend.io Vulnerability Database

CVE-2025-43759

Good to know:

Date: August 22, 2025

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants.

Severity Score

4.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43759

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/e8cbc7c27e5ed51c4079dd62738713f31afb46f7

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43759

Url: https://liferay.atlassian.net/browse/LPE-18185

Url: https://github.com/liferay/liferay-portal/commit/2e29e6733bc0e058bef89d16faac542bf2585346

Url: https://www.mend.io/vulnerability-database/CVE-2025-43759

Severity Score

4.5

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.layout.impl:6.0.147

Learn More

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43759

Good to know:

Date: August 22, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?