icon

We found results for “

CVE-2025-43816

Good to know:

icon
icon

Date: September 25, 2025

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.

Severity Score

Severity Score

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

Top Fix

icon

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.vulcan.impl:5.0.115

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us