PT-2025-37277 · Liferay · Liferay Portal+1
4Rth4S · Published 2025-09-12 · Updated 2025-12-16 · CVE-2025-43788
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Liferay Portal versions 7.4.0 through 7.4.3.124
Liferay DXP versions 2024.Q1.1 through 2024.Q1.12
Liferay DXP versions 7.4 update 81 through update 85
Description:
The organization selector does not verify user permissions, potentially allowing remote authenticated users to retrieve a list of all organizations.
Recommendations:
Update Liferay Portal to a version later than 7.4.3.124.
Update Liferay DXP to a version later than 2024.Q1.12.
Update Liferay DXP to a version later than 7.4 update 85.
Fix
Missing Authorization
Affected Products
Liferay DXP
Liferay Portal