PT-2025-38612 · Liferay · Liferay Portal+1

Foobar7 · Published 2025-09-19 · Updated 2025-09-20 · CVE-2025-43803

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.4.0 through 7.4.3.119
Liferay DXP versions 2023.Q3.1 through 2023.Q3.10
Liferay DXP versions 2023.Q4.0 through 2023.Q4.6
Liferay Portal versions 7.4 GA through update 92

Description

An insecure direct object reference (IDOR) issue exists in the Contacts Center widget. This allows remote attackers to view contact information, including the contact's name and email address, via the entryId parameter.

Recommendations

Liferay Portal versions 7.4.0 through 7.4.3.119: Update to a newer version.
Liferay DXP versions 2023.Q3.1 through 2023.Q3.10: Update to a newer version.
Liferay DXP versions 2023.Q4.0 through 2023.Q4.6: Update to a newer version.
Liferay Portal versions 7.4 GA through update 92: Update to a newer version.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-43803
GHSA-8C8V-R5JJ-4425

Affected Products

Liferay DXP
Liferay Portal