PT-2025-37278 · Liferay · Liferay Portal+2

Published: 2025-09-12 · Updated: 2025-09-12

CVE-2025-43789

CVSS v3.1: 5.3 (Medium), AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.119; Liferay DXP versions 2024.Q1.1 through 2024.Q1.9; Liferay DXP 7.4 GA through update 92
Description: JSON Web Services in Liferay Portal and DXP are registered and invoked directly as classes, allowing Service Access Policies to be executed. This allows for a bypass of intended security mechanisms.
Recommendations: Update Liferay Portal to a version later than 7.4.3.119. Update Liferay DXP to a version later than 2024.Q1.9. Update Liferay DXP 7.4 to a version later than update 92.

Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers

CVE-2025-43789
GHSA-Q86R-GWQC-JX85

Affected Products

Liferay DXP
Liferay DXP 7.4
Liferay Portal