CVE-2025-43786
- Source
- https://cve.org/CVERecord?id=CVE-2025-43786
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43786.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-43786
- Aliases
- Published
- 2025-09-09T20:15:40.230Z
- Modified
- 2026-04-12T16:55:21.214738Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.
- References
Affected packages
Git / github.com/liferay/liferay-portal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liferay/liferay-portal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.4-update1" }, { "introduced": "0" }, { "last_affected": "7.4-update2" }, { "introduced": "7.4.0" }, { "fixed": "7.4.3.129" } ] }
Affected versions
7.*
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.4-ga4
7.4.3.41-ga41
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7
7.4.3.88-ga88
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43786.json"
vanir_signatures_modified
"2026-04-12T16:55:21Z"
vanir_signatures
[
{
"target": {
"file": "modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/src/testIntegration/java/com/liferay/dynamic/data/mapping/internal/upgrade/v5_6_1/test/DDMFieldAttributeUpgradeProcessTest.java",
"function": "testUpgradeProcess"
},
"id": "CVE-2025-43786-89cd59f6",
"source": "https://github.com/liferay/liferay-portal/commit/9bc3ecc0e54e74532403f3b281d3d542e95babd8",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 304.0,
"function_hash": "57115968376390560967885530032985434205"
},
"signature_version": "v1"
},
{
"target": {
"file": "modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/src/testIntegration/java/com/liferay/dynamic/data/mapping/internal/upgrade/v5_6_1/test/DDMFieldAttributeUpgradeProcessTest.java"
},
"id": "CVE-2025-43786-ee25579f",
"source": "https://github.com/liferay/liferay-portal/commit/9bc3ecc0e54e74532403f3b281d3d542e95babd8",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"179772675958613422767713377468908871682",
"244399705317510526091317168555219523761",
"132569019723834552443776610039766080788",
"32054084799560152186930759783497281023",
"234529184054465291764936572438166749093",
"78377685304783572495740352849876029142",
"134663871138638082137858968838889813557",
"7936592204798143019898109296741974255"
]
},
"signature_version": "v1"
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "2024.Q1.1"
},
{
"fixed": "2024.Q1.13"
}
]
},
{
"events": [
{
"introduced": "2024.q2.0"
},
{
"last_affected": "2024.q2.13"
}
]
},
{
"events": [
{
"introduced": "2024.Q3.0"
},
{
"fixed": "2024.Q3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update38"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update41"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update42"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update43"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update44"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update45"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update46"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update47"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update48"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update49"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update50"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update51"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update52"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update53"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update54"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update55"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update56"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update57"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update58"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update59"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update60"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update61"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update62"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update63"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update65"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update66"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update67"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update68"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update70"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update71"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update72"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update73"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update74"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update75"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update76"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update77"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update78"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update79"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update80"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update81"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update82"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update83"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update84"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update85"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update86"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update87"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update88"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update89"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update90"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update91"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update92"
}
]
}
]