CVE-2025-43766

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-43766

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43766.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43766

Aliases

GHSA-mf9q-87xx-jgvv

Published

2025-08-23T05:15:32.023Z

Modified

2025-12-14T04:48:45.909689Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43766

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

ec84d86679146b84af526f96471a730c340dda78

Fixed

a9017d1f654503189fcd6eecd59bd501a7015b8c

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/liferay/liferay-portal/commit/a9017d1f654503189fcd6eecd59bd501a7015b8c",
        "id": "CVE-2025-43766-0b9fe555",
        "target": {
            "file": "portal-kernel/src/com/liferay/portal/kernel/upgrade/BasePortletPreferencesUpgradeProcess.java"
        },
        "digest": {
            "line_hashes": [
                "103302773237074788461801313682446763330",
                "60853900272161977226321758184551802988",
                "191378307748951099486338189471951812045",
                "164880871512209417113954673574280468464",
                "202485877113214607873722865538960039931",
                "60853900272161977226321758184551802988",
                "191378307748951099486338189471951812045",
                "164880871512209417113954673574280468464"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/liferay/liferay-portal/commit/a9017d1f654503189fcd6eecd59bd501a7015b8c",
        "id": "CVE-2025-43766-98b65317",
        "target": {
            "file": "portal-kernel/src/com/liferay/portal/kernel/upgrade/BasePortletPreferencesUpgradeProcess.java",
            "function": "_upgradePortletPreferenceValues"
        },
        "digest": {
            "function_hash": "170699539902466296749337177159259793854",
            "length": 2763.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43766.json"