Home > Vulnerability Database > CVE-2025-43764

Mend.io Vulnerability Database

CVE-2025-43764

Good to know:

Date: August 22, 2025

Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious Regex pattern causing their browser to hang for a very long time.

Severity Score

7.5

Related Resources (6)

Url: https://liferay.atlassian.net/browse/LPE-18148

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43764

Url: https://github.com/liferay/liferay-portal/commit/12a076172494707748325836b3d5236507be0490

Url: https://github.com/liferay/liferay-portal

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43764

Url: https://www.mend.io/vulnerability-database/CVE-2025-43764

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.workflow.kaleo.designer.web:5.0.145;https://github.com/liferay/liferay-portal.git - 7.4.3.132-ga132

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43764

Good to know:

Date: August 22, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?