Home > Vulnerability Database > CVE-2025-43777

Mend.io Vulnerability Database

CVE-2025-43777

Good to know:

Date: September 8, 2025

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Internal Server Error" in the response body when a login attempt is made with a deleted Client Secret.

Severity Score

3.5

Related Resources (5)

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/e4ae0e49dd90485f2f2d8d07ab972da5aba7fa45

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43777

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43777

Url: https://www.mend.io/vulnerability-database/CVE-2025-43777

Severity Score

3.5

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.security.sso.openid.connect.impl:7.0.48

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43777

Good to know:

Date: September 8, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?