Home > Vulnerability Database > CVE-2025-43782

Mend.io Vulnerability Database

CVE-2025-43782

Good to know:

Date: September 11, 2025

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API

Severity Score

4.3

Related Resources (10)

Url: https://github.com/liferay/liferay-portal/commit/c30a8b729e133f7f40277ce7dc350b87d13d49c7

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/acf50c712f7f21c2f52db30883486cb885c8bdd0

Url: https://github.com/liferay/liferay-portal/commit/4e85bafae4c4e17d3f87054d1f1d49a908d79819

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43782

Url: https://github.com/liferay/liferay-portal/commit/ad55ef75cb82c8b1ed01f311488475a646481731

Url: https://github.com/liferay/liferay-portal/commit/b61004c960e10d576634096fccc9f71677df0fbd

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43782

Url: https://github.com/liferay/liferay-portal/commit/720f2d3fde180e5c2971a5d01246dfec36f68131

Url: https://www.mend.io/vulnerability-database/CVE-2025-43782

Severity Score

4.3

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl:5.0.48

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43782

Good to know:

Date: September 11, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?