PT-2025-37346 · Liferay · Liferay DXP +1

Abderrahmane Bounhidja · Published 2025-09-12 · Updated 2025-12-16 · CVE-2025-43795

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
Liferay Portal versions 7.1.0 through 7.4.3.101
Liferay DXP versions 2023.Q3.1 through 2023.Q3.4
Liferay Portal 7.4 GA through update 92
Liferay Portal 7.3 GA through update 35
Older unsupported versions

Description: An open redirect issue exists in System Settings, Instance Settings, and Site Settings. It allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect parameter, the _com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect parameter, and the _com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect parameter.

Recommendations:
Liferay Portal versions 7.1.0 through 7.4.3.101: Update to a version beyond 7.4.3.101.
Liferay DXP versions 2023.Q3.1 through 2023.Q3.4: Update to a version beyond 2023.Q3.4.
Liferay Portal 7.4 GA through update 92: Update to a version beyond update 92.
Liferay Portal 7.3 GA through update 35: Update to a version beyond update 35.
Older unsupported versions: Update to a supported version.
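
While the update is being rolled out, web access logs can be checked for requests in which one of the three redirect parameters named in the description points off-site. The following is an added example, not part of the advisory or of Liferay's code; it assumes combined-format access logs, the underscore-namespaced parameter form (`_<portlet id>_redirect`), and a hypothetical trusted host `portal.example.test`, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Portlet ids from the advisory; Liferay namespaces a portlet's parameters as
# _<portlet id>_<name> (the underscore form is an assumption of this example).
PORTLETS = (
    "com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet",
    "com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet",
    "com_liferay_site_admin_web_portlet_SiteSettingsPortlet",
)
REDIRECT_PARAMS = {f"_{p}_redirect" for p in PORTLETS}
TRUSTED_HOSTS = {"portal.example.test"}  # assumption: the portal's own hostnames
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (placeholder path, documentation addresses).
SAMPLE_LOG = [
    f'203.0.113.5 - - [12/Sep/2025:10:00:01 +0000] "GET /some/page?_{PORTLETS[0]}_redirect=%2Fgroup%2Fcontrol_panel HTTP/1.1" 200 512',
    f'203.0.113.9 - - [12/Sep/2025:10:00:07 +0000] "GET /some/page?_{PORTLETS[1]}_redirect=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    f'203.0.113.9 - - [12/Sep/2025:10:00:09 +0000] "GET /some/page?_{PORTLETS[2]}_redirect=%2F%2Foffsite.example.org%2F HTTP/1.1" 302 0',
    f'203.0.113.7 - - [12/Sep/2025:10:00:12 +0000] "GET /some/page?_{PORTLETS[0]}_redirect=https%3A%2F%2Fportal.example.test%2Fweb%2Fguest HTTP/1.1" 200 512',
]

def external_target(value, trusted=TRUSTED_HOSTS):
    """Return the off-site host a redirect value points to, or None if on-site."""
    # Browsers treat "\" like "/" and ignore surrounding whitespace, so normalise first.
    cleaned = value.strip().replace("\\", "/")
    try:
        host = urlsplit(cleaned).hostname
    except ValueError:
        return "unparseable"  # malformed authority: report it rather than skip it
    if host is None or host.lower() in trusted:
        return None  # relative path, or absolute URL on the portal itself
    return host.lower()

def scan(lines):
    """Return (line number, parameter, host) for each off-site redirect value."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            host = external_target(value) if name in REDIRECT_PARAMS else None
            if host:
                hits.append((number, name, host))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only GET query strings are visible in access logs; values sent in a POST body need the same check at a reverse proxy or WAF.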

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-43795
GHSA-M55R-9FX8-725J

Affected Products

Liferay DXP
Liferay Portal