CVE-2025-43814

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay Portal 7.4 GA through update 92 Older unsupported versions

Description The audit events record a user’s password reminder answer, potentially allowing remote authenticated users to obtain a user’s password reminder answer via the audit events.

Recommendations Update Liferay Portal to a version later than 7.4.3.112. Update Liferay DXP to a version later than 2023.Q4.8. Update Liferay DXP to a version later than 2023.Q3.10. Update Liferay Portal 7.4 to a version later than update 92.