PT-2025-34298 · Liferay · Liferay DXP
Published: 2025-08-21 · Updated: 2025-08-22
CVE-2025-43747
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Liferay DXP versions 2025.Q2.0 through 2025.Q2.3
Description:
A server-side request forgery (SSRF) vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing the domain and bypassing the validation method, as the validation does not distinguish between trusted subdomains and malicious domains.
Recommendations:
Liferay DXP version 2025.Q2.3
Liferay DXP version 2025.Q2.2
Liferay DXP version 2025.Q2.1
Liferay DXP version 2025.Q2.0
Fix
SSRF
Affected Products
Liferay DXP
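
The class of allow-list flaw named in the Description, as an added example in Java (not Liferay's code and not taken from this advisory): a string-matching check beside a check that parses the URL and matches the host on a DNS label boundary. The allow-list value `trusted.example`, the class and method names, the assumed form of the weak check, and the sample URLs are all constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;

public class AllowedDomainCheck {
    // Constructed value standing in for an analytics.cloud.domain.allowed entry.
    static final String ALLOWED = "trusted.example";

    // Weak form (illustrative assumption): substring test on the raw URL string.
    // Anything that merely contains the allowed text passes.
    static boolean weakCheck(String url) {
        return url.contains(ALLOWED);
    }

    // Hardened form: parse the URL, then compare only the host component,
    // requiring an exact match or a match on a "." label boundary.
    static boolean strictCheck(String url) {
        try {
            URI uri = new URI(url);
            String host = uri.getHost();
            if (host == null || !"https".equalsIgnoreCase(uri.getScheme())) {
                return false; // unparsable authority or unexpected scheme
            }
            if (uri.getRawUserInfo() != null) {
                return false; // reject user@host forms outright
            }
            host = host.toLowerCase(Locale.ROOT);
            if (host.endsWith(".")) {
                host = host.substring(0, host.length() - 1); // drop root dot
            }
            return host.equals(ALLOWED) || host.endsWith("." + ALLOWED);
        } catch (URISyntaxException e) {
            return false; // fail closed
        }
    }

    public static void main(String[] args) {
        List<String> samples = List.of( // constructed sample inputs
            "https://api.trusted.example/v1",
            "https://trusted.example.attacker.test/v1",
            "https://nottrusted.example/v1",
            "https://attacker.test/?next=trusted.example",
            "https://trusted.example@attacker.test/");
        for (String s : samples) {
            System.out.printf("%-45s weak=%-5b strict=%b%n", s, weakCheck(s), strictCheck(s));
        }
    }
}
```

Run it with `java AllowedDomainCheck.java` (Java 11 or later) to compare the two checks on each sample.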