CVE-2025-43798

Name of the Vulnerable Software and Affected Versions Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay DXP versions 7.3 GA through update 35 Liferay DXP versions 7.4 GA through update 92

Description The software allows a time-based one-time password (TOTP) to be used multiple times during its validity period. This enables attackers who have access to a user’s TOTP to authenticate as that user.

Recommendations Update Liferay DXP to a version later than 7.3 update 35. Update Liferay DXP to a version later than 7.4 update 92. Update Liferay DXP to a version later than 2023.Q3.4. Update Liferay DXP to a version later than 2023.Q4.0.