Description

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.

Remediation

References

CVE-2025-43773

Related Vulnerabilities

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

Claroline Other Vulnerability (CVE-2006-1595)

WordPress Plugin Acunetix Secure WordPress Cross-Site Scripting (3.0.3)

WordPress Improper Input Validation Vulnerability (CVE-2017-6815)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7305)

Severity

Critical

Classification

CVE-2025-43773 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities