CVE-2025-43748_CVE-2025-43748

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery

Basic Information

ID CVE-2025-43748

Source Liferay

Published Aug 20, 2025 at 14:28

Modified Aug 20, 2025 at 15:00

Affected Product

Vendor Liferay

Product Portal

Version 7.0.0

Affected Versions Liferay Portal 7.0.0
Liferay DXP 6.2.0
Liferay DXP 7.0.10
Liferay DXP 7.1.10
Liferay DXP 7.2.10
Liferay DXP 7.3.10
Liferay DXP 7.4.13
Liferay DXP 2023.Q3.1
Liferay DXP 2023.Q4.0
Liferay DXP 2024.Q1.1

CWE Classification

CWE-352

References

liferay.dev /portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748

{
    "lastseen": "",
    "description": "Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery",
    "published": "2025-08-20T14:28:21.840Z",
    "modified": "2025-08-20T15:00:29.188Z",
    "type": "cve",
    "title": "CVE-2025-43748",
    "source": "Liferay",
    "references": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748",
    "id": "CVE-2025-43748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "Liferay Portal 7.0.0\nLiferay DXP 6.2.0\nLiferay DXP 7.0.10\nLiferay DXP 7.1.10\nLiferay DXP 7.2.10\nLiferay DXP 7.3.10\nLiferay DXP 7.4.13\nLiferay DXP 2023.Q3.1\nLiferay DXP 2023.Q4.0\nLiferay DXP 2024.Q1.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal",
    "version": "7.0.0",
    "vendor": "Liferay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}