
CVE-2025-43799
Good to know:


Date: September 15, 2025
Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions do not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.
Severity Score
Weakness Type (CWE)
Use of Default Password
CWE-1393

Top Fix

Upgrade Version
Upgrade to version com.liferay.portal:com.liferay.portal.impl:97.0.0;https://github.com/liferay/liferay-portal.git - 7.4.3.110-ga110
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | HIGH |
| Availability (A): | NONE |