PT-2025-35303 · Liferay · Liferay Dxp +1

Published

2025-08-29

·

Updated

2025-08-30

·

CVE-2025-43773

Report an issue
CVSS v4.0
4.6
VectorAV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions:

Liferay Portal versions 7.4.0 through 7.4.3.132

Liferay DXP versions 2024.Q1.1 through 2024.Q1.18

Liferay DXP versions 2024.Q2.0 through 2024.Q2.13

Liferay DXP versions 2024.Q3.0 through 2024.Q3.13

Liferay DXP versions 2024.Q4.0 through 2024.Q4.7

Liferay DXP versions 2025.Q1.0 through 2025.Q1.14

Liferay DXP versions 2025.Q2.0 through 2025.Q2.1

Description:

The software contains a security issue that allows for improper access through the `expandoTableLocalService`.

Recommendations:

Liferay Portal versions 7.4.0 through 7.4.3.132 should be updated.

Liferay DXP versions 2024.Q1.1 through 2024.Q1.18 should be updated.

Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 should be updated.

Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 should be updated.

Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 should be updated.

Liferay DXP versions 2025.Q1.0 through 2025.Q1.14 should be updated.

Liferay DXP versions 2025.Q2.0 through 2025.Q2.1 should be updated.

Fix

RCE

Missing Authorization

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-43773
GHSA-876G-49R6-33QJ

Affected Products

Liferay Dxp
Liferay Portal