CVE-2025-43773_CVE-2025-43773

4.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Description

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.

Basic Information

ID CVE-2025-43773

Source Liferay

Published Aug 29, 2025 at 18:59

Modified Aug 29, 2025 at 19:14

Affected Product

Vendor Liferay

Product Portal

Version 7.4.0

Affected Versions Liferay Portal 7.4.0
Liferay DXP 7.4.13
Liferay DXP 2024.Q1.1
Liferay DXP 2024.Q2.0
Liferay DXP 2024.Q3.0
Liferay DXP 2024.Q4.0
Liferay DXP 2025.Q1.0
Liferay DXP 2025.Q2.0

CWE Classification

CWE-862

References

liferay.dev /portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

{
    "lastseen": "",
    "description": "Liferay Portal  7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.",
    "published": "2025-08-29T18:59:52.288Z",
    "modified": "2025-08-29T19:14:16.693Z",
    "type": "cve",
    "title": "CVE-2025-43773",
    "source": "Liferay",
    "references": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773",
    "id": "CVE-2025-43773",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Liferay Portal 7.4.0\nLiferay DXP 7.4.13\nLiferay DXP 2024.Q1.1\nLiferay DXP 2024.Q2.0\nLiferay DXP 2024.Q3.0\nLiferay DXP 2024.Q4.0\nLiferay DXP 2025.Q1.0\nLiferay DXP 2025.Q2.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal",
    "version": "7.4.0",
    "vendor": "Liferay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}