Home > Vulnerability Database > CVE-2025-43819

Mend.io Vulnerability Database

CVE-2025-43819

Good to know:

Date: September 23, 2025

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old user session by SLO API

Severity Score

6.4

Related Resources (8)

Url: https://liferay.atlassian.net/browse/LPE-18159

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/433dff5edae4414fdc436b49a9edb62d721c84b5

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43819

Url: https://osv.dev/vulnerability/GHSA-rpx3-f938-xj5q

Url: https://github.com/liferay/liferay-portal/commit/da9105a61d788801797797a32583a4b76c902cdc

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-43819

Url: https://www.mend.io/vulnerability-database/CVE-2025-43819

Severity Score

6.4

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version com.liferay:com.liferay.saml.impl:5.0.51

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-43819

Good to know:

Date: September 23, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?