icon

We found results for “

CVE-2025-43798

Good to know:

icon
icon

Date: September 15, 2025

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

Severity Score

Severity Score

Weakness Type (CWE)

Missing Critical Step in Authentication

CWE-304

Top Fix

icon

Upgrade Version

Upgrade to version com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web:2.0.25

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us