Vulnerability DatabaseCVE-2025-43767
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-43767
August 23, 2025
Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.
Affected Packages
https://github.com/liferay/liferay-portal.git (GITHUB):
Affected version(s) >=7.0.0-ga1 <7.4.3.100-ga100
Fix Suggestion:
Update to version 7.4.3.100-ga100
com.liferay:com.liferay.info.impl (JAVA):
Affected version(s) >=1.0.0 <5.0.69
Fix Suggestion:
Update to version 5.0.69
Related Resources (5)
https://github.com/liferay/liferay-portal
https://liferay.atlassian.net/browse/LPE-18139
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767
https://github.com/liferay/liferay-portal/commit/04d6892c12f8c3d12085124b6cb856dfacb9bb89
https://nvd.nist.gov/vuln/detail/CVE-2025-43767
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
ACTIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601
EPSS
Base Score:
0.03