Home > Vulnerability Database > CVE-2025-43763

Mend.io Vulnerability Database

CVE-2025-43763

Good to know:

Date: September 8, 2025

A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects custom object attachment fields. This flaw allows an attacker to manipulate the application into making unauthorized requests to other instances, creating new object entries that link to external resources.

Severity Score

4.8

Related Resources (7)

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43763

Url: https://github.com/liferay/liferay-portal/commit/0adf32842d055f40accc8b341c4feb11a9728261

Url: https://github.com/liferay/liferay-portal

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43763

Url: https://liferay.atlassian.net/browse/LPE-18182

Url: https://github.com/liferay/liferay-portal/commit/e5fe3f9e9916e66a896e7c321e641c6eabbf4dae

Url: https://www.mend.io/vulnerability-database/CVE-2025-43763

Severity Score

4.8

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.object.service:1.0.208

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43763

Good to know:

Date: September 8, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?