CVE-2025-43749

Source
https://cve.org/CVERecord?id=CVE-2025-43749
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43749.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-43749
Aliases
Published
2025-08-20T13:15:27.413Z
Modified
2026-07-08T06:56:31.737210091Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "liferay:digital_experience_platform",
            "extracted_events": [
                {
                    "introduced": "2024.Q1.1"
                },
                {
                    "fixed": "2024.Q1.15"
                },
                {
                    "introduced": "2024.q2.0"
                },
                {
                    "last_affected": "2024.q2.13"
                },
                {
                    "introduced": "2024.q3.1"
                },
                {
                    "last_affected": "2024.q3.13"
                },
                {
                    "introduced": "2024.q4.0"
                },
                {
                    "last_affected": "2024.q4.7"
                },
                {
                    "introduced": "2025.Q1.0"
                },
                {
                    "fixed": "2025.Q1.2"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "liferay:digital_experience_platform",
            "extracted_events": [
                {
                    "introduced": "7.4"
                },
                {
                    "last_affected": "7.4"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Database specific
{
    "cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.4.0"
        },
        {
            "last_affected": "7.4.3.132"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

7.*
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.132-ga132
7.4.3.4-ga4
7.4.3.41-ga41
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
7.4.3.88-ga88

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43749.json"