CVE-2025-43793

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4 GA through update 92 Liferay Portal versions 7.4.0 through 7.4.3.105 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0

Description Liferay Portal and DXP may incorrectly identify the subdomain of a domain name and create a supercookie. This allows remote attackers who control a website that shares the same Top-Level Domain (TLD) to read cookies set by the application. A supercookie is a tracking mechanism that can store more data than a standard cookie and is often more difficult to remove.

Recommendations Update Liferay Portal to a version later than 7.4.3.105. Update Liferay DXP to a version later than 2023.Q4.0. Update Liferay Portal to a version later than 7.4 update 92. Update Liferay Portal to a version later than 7.3 update 35.