We found results for “”
CVE-2025-43798
Good to know:
Date: September 15, 2025
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Missing Critical Step in Authentication
CWE-304Top Fix
Upgrade Version
Upgrade to version com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web:2.0.25
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |
Vulnerabilities
Projects
Contact Us


