Home > Vulnerability Database > CVE-2025-43772

Mend.io Vulnerability Database

CVE-2025-43772

Good to know:

Date: September 3, 2025

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.

Severity Score

6.5

Related Resources (7)

Url: https://liferay.atlassian.net/browse/LPE-17456

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43772

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43772

Url: https://github.com/liferay/liferay-portal/commit/5d62db9d01005fc148297dad37f84660cd8b4a2b

Url: https://github.com/liferay/liferay-portal/commit/566ba7b48d6e8c62e5da71c34bb56b87183bf503

Url: https://www.mend.io/vulnerability-database/CVE-2025-43772

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.workflow.kaleo.forms.web:5.0.29;https://github.com/liferay/liferay-portal.git - 7.4.3.5-ga5

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43772

Good to know:

Date: September 3, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?