
We found results for “”
CVE-2025-43798
Good to know:


Date: September 15, 2025
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Missing Critical Step in Authentication
CWE-304Top Fix

Upgrade Version
Upgrade to version com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web:2.0.25
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |