Home > Vulnerability Database > CVE-2025-43766

Mend.io Vulnerability Database

CVE-2025-43766

Good to know:

Date: August 22, 2025

The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers.

Severity Score

5.7

Related Resources (6)

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.atlassian.net/browse/LPE-18145

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43766

Url: https://github.com/liferay/liferay-portal/commit/d4a5b8fc9f88468168603ff8a1f9b81fa5b7c43e

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43766

Url: https://www.mend.io/vulnerability-database/CVE-2025-43766

Severity Score

5.7

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.style.book.web:2.0.117;https://github.com/liferay/liferay-portal.git - 7.4.3.131-ga131

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43766

Good to know:

Date: August 22, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?