CVE-2025-43806
- Source
- https://cve.org/CVERecord?id=CVE-2025-43806
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43806.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-43806
- Aliases
- Published
- 2025-09-22T22:15:43.057Z
- Modified
- 2026-04-02T12:48:37.937530Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via the REST APIs.
- References
Affected packages
Git / github.com/liferay/liferay-portal
Affected versions
6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-ga1
6.1.0-rc1
6.1.1-ga2
6.1.2-ga3
6.2.0-b1
6.2.0-b2
6.2.0-ga1
6.2.0-m1
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
6.2.0-rc1
6.2.0-rc2
6.2.0-rc3
6.2.0-rc4
6.2.0-rc5
6.2.0-rc6
6.2.1-ga2
6.2.2-ga3
6.2.3-ga4
6.2.4-ga5
6.2.5-ga6
7.*
7.0.0-a1
7.0.0-a2
7.0.0-a3
7.0.0-a4
7.0.0-a5
7.0.0-b1
7.0.0-b2
7.0.0-b3
7.0.0-b4
7.0.0-b5
7.0.0-b6
7.0.0-b7
7.0.0-ga1
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.0.0-m6
7.0.0-m7
7.0.1-ga2
7.0.2-ga3
7.0.3-ga4
7.0.4-ga5
7.0.5-ga6
7.0.6-ga7
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-b3
7.1.0-ga1
7.1.0-m1
7.1.0-m2
7.1.0-rc1
7.1.1-ga2
7.1.2-ga3
7.1.3-ga4
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-ga1
7.2.0-m2
7.2.0-rc2
7.2.0-rc3
7.2.1-ga2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6
7.3.6-ga7
7.3.7-ga8
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.10-ga10
7.4.3.100-ga100
7.4.3.101-ga101
7.4.3.102-ga102
7.4.3.103-ga103
7.4.3.104-ga104
7.4.3.105-ga105
7.4.3.106-ga106
7.4.3.107-ga107
7.4.3.108-ga108
7.4.3.109-ga109
7.4.3.11-ga11
7.4.3.110-ga110
7.4.3.111-ga111
7.4.3.112-ga112
7.4.3.114-ga114
7.4.3.115-ga115
7.4.3.116-ga116
7.4.3.117-ga117
7.4.3.118-ga118
7.4.3.119-ga119
7.4.3.12-ga12
7.4.3.120-ga120
7.4.3.121-ga121
7.4.3.122-ga122
7.4.3.123-ga123
7.4.3.124-ga124
7.4.3.125-ga125
7.4.3.126-ga126
7.4.3.127-ga127
7.4.3.128-ga128
7.4.3.129-ga129
7.4.3.13-ga13
7.4.3.130-ga130
7.4.3.131-ga131
7.4.3.132-ga132
7.4.3.14-ga14
7.4.3.15-ga15
7.4.3.16-ga16
7.4.3.17-ga17
7.4.3.18-ga18
7.4.3.19-ga19
7.4.3.20-ga20
7.4.3.21-ga21
7.4.3.22-ga22
7.4.3.23-ga23
7.4.3.24-ga24
7.4.3.25-ga25
7.4.3.26-ga26
7.4.3.27-ga27
7.4.3.28-ga28
7.4.3.29-ga29
7.4.3.30-ga30
7.4.3.31-ga31
7.4.3.32-ga32
7.4.3.33-ga33
7.4.3.34-ga34
7.4.3.35-ga35
7.4.3.36-ga36
7.4.3.37-ga37
7.4.3.38-ga38
7.4.3.39-ga39
7.4.3.4-ga4
7.4.3.40-ga40
7.4.3.41-ga41
7.4.3.42-ga42
7.4.3.43-ga43
7.4.3.44-ga44
7.4.3.45-ga45
7.4.3.46-ga46
7.4.3.47-ga47
7.4.3.48-ga48
7.4.3.49-ga49
7.4.3.5-ga5
7.4.3.50-ga50
7.4.3.51-ga51
7.4.3.52-ga52
7.4.3.53-ga53
7.4.3.54-ga54
7.4.3.55-ga55
7.4.3.56-ga56
7.4.3.57-ga57
7.4.3.58-ga58
7.4.3.59-ga59
7.4.3.6-ga6
7.4.3.60-ga60
7.4.3.61-ga61
7.4.3.62-ga62
7.4.3.63-ga63
7.4.3.64-ga64
7.4.3.65-ga65
7.4.3.66-ga66
7.4.3.67-ga67
7.4.3.68-ga68
7.4.3.69-ga69
7.4.3.7-ga7
7.4.3.70-ga70
7.4.3.71-ga71
7.4.3.72-ga72
7.4.3.73-ga73
7.4.3.74-ga74
7.4.3.75-ga75
7.4.3.76-ga76
7.4.3.77-ga77
7.4.3.78-ga78
7.4.3.79-ga79
7.4.3.8-ga8
7.4.3.80-ga80
7.4.3.81-ga81
7.4.3.82-ga82
7.4.3.83-ga83
7.4.3.84-ga84
7.4.3.85-ga85
7.4.3.86-ga86
7.4.3.87-ga87
7.4.3.88-ga88
7.4.3.89-ga89
7.4.3.9-ga9
7.4.3.90-ga90
7.4.3.91-ga91
7.4.3.92-ga92
7.4.3.93-ga93
7.4.3.94-ga94
7.4.3.95-ga95
7.4.3.96-ga96
7.4.3.97-ga97
7.4.3.98-ga98
7.4.3.99-ga99
commerce-2.*
commerce-2.0.7
commerce-2.1.0
commerce-2.1.1
commerce-2.1.2
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1
Other
test-fix-pack-base-7310
test-sandbox-2-fix-pack-fix-89660450
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43806.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "2023.Q3.1"
},
{
"last_affected": "2023.Q3.10"
}
]
},
{
"events": [
{
"introduced": "2023.Q4.0"
},
{
"fixed": "2023.Q4.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update38"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update41"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update42"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update43"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update44"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update45"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update46"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update47"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update48"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update49"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update50"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update51"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update52"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update53"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update54"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update55"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update56"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update57"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update58"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update59"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update60"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update61"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update62"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update63"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update65"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update66"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update67"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update68"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update70"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update71"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update72"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update73"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update74"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update75"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update76"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update77"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update78"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update79"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update80"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update81"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update82"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update83"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update84"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update85"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update86"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update87"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update88"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update89"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update90"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update91"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update92"
}
]
}
]