csaf_certbund - wid-sec-w-2025-1861

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Liferay Portal ist eine Open-Source-Webplattform f\u00fcr Unternehmen, die ein Framework f\u00fcr die Erstellung und Verwaltung von webbasierten Anwendungen und Inhalten bietet.\r\nLiferay DXP (Digital Experience Platform) ist eine erweiterte und kommerziell unterst\u00fctzte Version von Liferay Portal, die zus\u00e4tzliche Funktionen und Dienste bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Liferay Portal und Liferay DXP ausnutzen, um Sicherheitsvorkehrungen zu umgehen, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1861 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1861.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1861 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1861"
      },
      {
        "category": "external",
        "summary": "Liferay Security Advisory CVE-2025-3639 vom 2025-08-18",
        "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-3639-1"
      },
      {
        "category": "external",
        "summary": "Liferay Security Advisory CVE-2025-43731 vom 2025-08-18",
        "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43731"
      },
      {
        "category": "external",
        "summary": "Liferay Security Advisory CVE-2025-43732 vom 2025-08-18",
        "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43732"
      },
      {
        "category": "external",
        "summary": "Liferay Security Advisory CVE-2025-43733 vom 2025-08-18",
        "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43733"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2025-3639 vom 2025-09-14",
        "url": "https://github.com/6lj/CVE-2025-3639"
      }
    ],
    "source_lang": "en-US",
    "title": "Liferay DXP und Portal: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-15T04:56:06.744+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1861",
      "initial_release_date": "2025-08-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "PoC f\u00fcr CVE-2025-3639 aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2025.Q2.0",
                "product": {
                  "name": "Liferay DXP \u003c2025.Q2.0",
                  "product_id": "T046316"
                }
              },
              {
                "category": "product_version",
                "name": "2025.Q2.0",
                "product": {
                  "name": "Liferay DXP 2025.Q2.0",
                  "product_id": "T046316-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:liferay:dxp:2025.q2.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2025.Q1.11",
                "product": {
                  "name": "Liferay DXP \u003c2025.Q1.11",
                  "product_id": "T046319"
                }
              },
              {
                "category": "product_version",
                "name": "2025.Q1.11",
                "product": {
                  "name": "Liferay DXP 2025.Q1.11",
                  "product_id": "T046319-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:liferay:dxp:2025.q1.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2024.Q1.18",
                "product": {
                  "name": "Liferay DXP \u003c2024.Q1.18",
                  "product_id": "T046320"
                }
              },
              {
                "category": "product_version",
                "name": "2024.Q1.18",
                "product": {
                  "name": "Liferay DXP 2024.Q1.18",
                  "product_id": "T046320-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:liferay:dxp:2024.q1.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2025.Q1.9",
                "product": {
                  "name": "Liferay DXP \u003c2025.Q1.9",
                  "product_id": "T046321"
                }
              },
              {
                "category": "product_version",
                "name": "2025.Q1.9",
                "product": {
                  "name": "Liferay DXP 2025.Q1.9",
                  "product_id": "T046321-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:liferay:dxp:2025.q1.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2024.Q1.17",
                "product": {
                  "name": "Liferay DXP \u003c2024.Q1.17",
                  "product_id": "T046322"
                }
              },
              {
                "category": "product_version",
                "name": "2024.Q1.17",
                "product": {
                  "name": "Liferay DXP 2024.Q1.17",
                  "product_id": "T046322-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:liferay:dxp:2024.q1.17"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DXP"
          },
          {
            "category": "product_name",
            "name": "Liferay Portal",
            "product": {
              "name": "Liferay Portal",
              "product_id": "T046315",
              "product_identification_helper": {
                "cpe": "cpe:/a:liferay:liferay_portal:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Liferay"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-3639",
      "product_status": {
        "known_affected": [
          "T046316",
          "T046315",
          "T046319",
          "T046320",
          "T046321",
          "T046322"
        ]
      },
      "release_date": "2025-08-18T22:00:00.000+00:00",
      "title": "CVE-2025-3639"
    },
    {
      "cve": "CVE-2025-43732",
      "product_status": {
        "known_affected": [
          "T046316",
          "T046315",
          "T046319",
          "T046320",
          "T046321",
          "T046322"
        ]
      },
      "release_date": "2025-08-18T22:00:00.000+00:00",
      "title": "CVE-2025-43732"
    },
    {
      "cve": "CVE-2025-43731",
      "product_status": {
        "known_affected": [
          "T046316",
          "T046315",
          "T046319",
          "T046320",
          "T046321",
          "T046322"
        ]
      },
      "release_date": "2025-08-18T22:00:00.000+00:00",
      "title": "CVE-2025-43731"
    },
    {
      "cve": "CVE-2025-43733",
      "product_status": {
        "known_affected": [
          "T046316",
          "T046315",
          "T046319",
          "T046320",
          "T046321",
          "T046322"
        ]
      },
      "release_date": "2025-08-18T22:00:00.000+00:00",
      "title": "CVE-2025-43733"
    }
  ]
}

CVE-2025-43731 (GCVE-0-2025-43731)

Vulnerability from cvelistv5 – Published: 2025-08-18 18:20 – Updated: 2025-08-18 18:37

Summary

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

Liferay

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 7.4.0 , ≤ 7.4.3.132 (maven)

Affected: 7.4.13 , ≤ 7.4.13-u92 (maven)
Affected: 2024.Q1.1 , ≤ 2024.Q1.16 (maven)
Affected: 2024Q2.0 , ≤ 2023.Q2.13 (maven)
Affected: 2024.Q3.1 , ≤ 2024.Q3.13 (maven)
Affected: 2024.Q4.0 , ≤ 2024.Q4.7 (maven)
Affected: 2025.Q1.0 , ≤ 2025.Q1.8 (maven)

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T18:37:36.688954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T18:37:51.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Portal",
          "vendor": "Liferay",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3.132",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DXP",
          "vendor": "Liferay",
          "versions": [
            {
              "lessThanOrEqual": "7.4.13-u92",
              "status": "affected",
              "version": "7.4.13",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q1.16",
              "status": "affected",
              "version": "2024.Q1.1",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2023.Q2.13",
              "status": "affected",
              "version": "2024Q2.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q3.13",
              "status": "affected",
              "version": "2024.Q3.1",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q4.7",
              "status": "affected",
              "version": "2024.Q4.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2025.Q1.8",
              "status": "affected",
              "version": "2025.Q1.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories."
            }
          ],
          "value": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows an remote authenticated user to inject JavaScript in message board threads and categories."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T18:20:16.319Z",
        "orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
        "shortName": "Liferay"
      },
      "references": [
        {
          "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43731"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
    "assignerShortName": "Liferay",
    "cveId": "CVE-2025-43731",
    "datePublished": "2025-08-18T18:20:16.319Z",
    "dateReserved": "2025-04-17T10:55:20.337Z",
    "dateUpdated": "2025-08-18T18:37:51.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43733 (GCVE-0-2025-43733)

Vulnerability from cvelistv5 – Published: 2025-08-18 12:06 – Updated: 2025-08-18 18:59

Summary

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user's browser when viewing the "document View Usages" page.

Severity ?

2.3 (Low)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

Liferay

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 7.4.3.132 (maven)

Affected: 2025.Q1.0 , ≤ 2025.Q1.7 (maven)

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T13:36:11.482044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T18:59:43.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Portal",
          "vendor": "Liferay",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.3.132",
              "versionType": "maven"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DXP",
          "vendor": "Liferay",
          "versions": [
            {
              "lessThanOrEqual": "2025.Q1.7",
              "status": "affected",
              "version": "2025.Q1.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page\u0027s name field. This malicious payload is then reflected and executed within the user\u0027s browser when viewing the \"document View Usages\" page."
            }
          ],
          "value": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page\u0027s name field. This malicious payload is then reflected and executed within the user\u0027s browser when viewing the \"document View Usages\" page."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T12:06:07.560Z",
        "orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
        "shortName": "Liferay"
      },
      "references": [
        {
          "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43733"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
    "assignerShortName": "Liferay",
    "cveId": "CVE-2025-43733",
    "datePublished": "2025-08-18T12:06:07.560Z",
    "dateReserved": "2025-04-17T10:55:20.337Z",
    "dateUpdated": "2025-08-18T18:59:43.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3639 (GCVE-0-2025-3639)

Vulnerability from cvelistv5 – Published: 2025-08-18 16:48 – Updated: 2025-08-18 19:51

Summary

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.

Severity ?

2 (Low)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

Liferay

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 7.3.0 , ≤ 7.4.3.132 (maven)

Affected: 7.3.10 , ≤ 7.3.10-u36 (maven)
Affected: 7.4.13 , ≤ 7.4.13-u92 (maven)
Affected: 2024.Q1.1 , ≤ 2024.Q1.15 (maven)
Affected: 2024Q2.0 , ≤ 2023.Q2.13 (maven)
Affected: 2024.Q3.1 , ≤ 2024.Q3.13 (maven)
Affected: 2024.Q4.0 , ≤ 2024.Q4.7 (maven)
Affected: 2025.Q1.0 , ≤ 2025.Q1.6 (maven)

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T19:51:41.548713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T19:51:51.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Portal",
          "vendor": "Liferay",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3.132",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DXP",
          "vendor": "Liferay",
          "versions": [
            {
              "lessThanOrEqual": "7.3.10-u36",
              "status": "affected",
              "version": "7.3.10",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "7.4.13-u92",
              "status": "affected",
              "version": "7.4.13",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q1.15",
              "status": "affected",
              "version": "2024.Q1.1",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2023.Q2.13",
              "status": "affected",
              "version": "2024Q2.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q3.13",
              "status": "affected",
              "version": "2024.Q3.1",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2024.Q4.7",
              "status": "affected",
              "version": "2024.Q4.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "2025.Q1.6",
              "status": "affected",
              "version": "2025.Q1.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled."
            }
          ],
          "value": "Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T16:48:41.222Z",
        "orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
        "shortName": "Liferay"
      },
      "references": [
        {
          "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
    "assignerShortName": "Liferay",
    "cveId": "CVE-2025-3639",
    "datePublished": "2025-08-18T16:48:41.222Z",
    "dateReserved": "2025-04-15T11:49:52.301Z",
    "dateUpdated": "2025-08-18T19:51:51.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43732 (GCVE-0-2025-43732)

Vulnerability from cvelistv5 – Published: 2025-08-18 13:20 – Updated: 2025-08-18 18:59

Summary

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId. When an organization administrator modifies this parameter id value, they can gain unauthorized access to user lists from other organizations.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

Liferay

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 7.4.3.0 , ≤ 7.4.3.132 (maven)

Affected: 7.4.13 , ≤ 7.4.13-u92 (maven)
Affected: 2024.Q1.1 , ≤ 2024.Q1.17 (maven)
Affected: 2024Q2.0 , ≤ 2023.Q2.13 (maven)
Affected: 2024.Q3.1 , ≤ 2024.Q3.13 (maven)
Affected: 2024.Q4.0 , ≤ 2024.Q4.7 (maven)
Affected: 2025.Q1.0 , ≤ 2025.Q1.10 (maven)

Show details on NVD website