CVE-2025-43767_CVE-2025-43767

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Description

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

Basic Information

ID CVE-2025-43767

Source Liferay

Published Aug 23, 2025 at 03:41

Affected Product

Vendor Liferay

Product Portal

Version 7.4.3.86

Affected Versions Liferay Portal 7.4.3.86
Liferay DXP 7.4.13-u86
Liferay DXP 2024.Q1.1
Liferay DXP 2024.Q2.0
Liferay DXP 2024.Q3.1

CWE Classification

CWE-601

References

liferay.dev /portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

{
    "lastseen": "",
    "description": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.",
    "published": "2025-08-23T03:41:34.635Z",
    "modified": "2025-08-23T03:41:34.635Z",
    "type": "cve",
    "title": "CVE-2025-43767",
    "source": "Liferay",
    "references": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767",
    "id": "CVE-2025-43767",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "Liferay Portal 7.4.3.86\nLiferay DXP 7.4.13-u86\nLiferay DXP 2024.Q1.1\nLiferay DXP 2024.Q2.0\nLiferay DXP 2024.Q3.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal",
    "version": "7.4.3.86",
    "vendor": "Liferay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}