CVE-2025-43745

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q2.0 through 2025.Q2.7 Liferay DXP versions 2025.Q1.0 through 2025.Q1.14 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP 7.4 GA through update 92

Description: A Cross-Site Request Forgery (CSRF) issue exists that allows remote attackers to perform cross-origin requests on behalf of an authenticated user. The attack is performed via the endpoint parameter.

Recommendations: Update Liferay Portal to a version later than 7.4.3.132. Update Liferay DXP to a version later than 2025.Q2.7. Update Liferay DXP to a version later than 2025.Q1.14. Update Liferay DXP to a version later than 2024.Q4.7. Update Liferay DXP to a version later than 2024.Q3.13. Update Liferay DXP to a version later than 2024.Q2.13. Update Liferay DXP to a version later than 2024.Q1.19. Update Liferay DXP to a version later than update 92.