PT-2025-37252 · Liferay · Liferay Portal+1
Published 2025-09-11 · Updated 2025-09-11 · CVE-2025-43782
CVSS v4.0: 5.3 Medium
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Liferay Portal versions 7.4.0 through 7.4.3.124
Liferay DXP versions 2024.Q1.1 through 2024.Q1.12
Liferay DXP versions 2024.Q2.0 through 2024.Q2.7
Description:
An Insecure Direct Object Reference (IDOR) vulnerability exists in Liferay Portal and DXP. This allows remote authenticated users to access a workflow definition by name via the API.
Recommendations:
Liferay Portal versions prior to 7.4.3.125
Liferay DXP versions prior to 2024.Q1.13
Liferay DXP versions prior to 2024.Q2.8
Fix
IDOR
Affected Products
Liferay DXP
Liferay Portal