CVE-2025-43819

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-43819

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43819.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43819

Aliases

GHSA-rpx3-f938-xj5q

Published

2025-09-24T02:15:31.107Z

Modified

2025-12-17T05:49:51.606126Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old user session by SLO API

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43819

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

ba7363462977f333af61938abf95bb4aafe64a26

Fixed

a9017d1f654503189fcd6eecd59bd501a7015b8c

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103302773237074788461801313682446763330",
                "60853900272161977226321758184551802988",
                "191378307748951099486338189471951812045",
                "164880871512209417113954673574280468464",
                "202485877113214607873722865538960039931",
                "60853900272161977226321758184551802988",
                "191378307748951099486338189471951812045",
                "164880871512209417113954673574280468464"
            ]
        },
        "id": "CVE-2025-43819-0b9fe555",
        "source": "https://github.com/liferay/liferay-portal/commit/a9017d1f654503189fcd6eecd59bd501a7015b8c",
        "signature_type": "Line",
        "target": {
            "file": "portal-kernel/src/com/liferay/portal/kernel/upgrade/BasePortletPreferencesUpgradeProcess.java"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 2763.0,
            "function_hash": "170699539902466296749337177159259793854"
        },
        "id": "CVE-2025-43819-98b65317",
        "source": "https://github.com/liferay/liferay-portal/commit/a9017d1f654503189fcd6eecd59bd501a7015b8c",
        "signature_type": "Function",
        "target": {
            "file": "portal-kernel/src/com/liferay/portal/kernel/upgrade/BasePortletPreferencesUpgradeProcess.java",
            "function": "_upgradePortletPreferenceValues"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43819.json"