Home > Vulnerability Database > CVE-2025-43816

Mend.io Vulnerability Database

CVE-2025-43816

Good to know:

Date: September 25, 2025

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.

Severity Score

6.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43816

Url: https://liferay.atlassian.net/browse/LPE-18005

Url: https://github.com/liferay/liferay-portal

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43816

Url: https://www.mend.io/vulnerability-database/CVE-2025-43816

Severity Score

6.5

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.portal.vulcan.impl:5.0.115

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43816

Good to know:

Date: September 25, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?