PT-2025-37343 · Liferay · Liferay Portal+1
Published: 2025-09-12 · Updated: 2025-12-16
CVE-2025-43796
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Liferay Portal versions 7.4.0 through 7.4.3.101
Liferay DXP versions 2023.Q3.0 through 2023.Q3.4
Liferay Portal versions 7.4 GA through update 92
Liferay Portal versions 7.3 GA through update 35
Description:
The software does not limit the number of objects returned from GraphQL queries, potentially allowing remote attackers to perform denial-of-service (DoS) attacks by executing queries that return a large number of objects.
Recommendations:
Update Liferay Portal to a version later than 7.4.3.101.
Update Liferay DXP to a version later than 2023.Q3.4.
Update Liferay Portal to a version later than update 92.
Update Liferay Portal to a version later than update 35.
Fix · DoS · Resource Exhaustion
Affected Products
Liferay DXP
Liferay Portal