GHSA-9p7x-8c57-4pqv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9p7x-8c57-4pqv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-9p7x-8c57-4pqv/GHSA-9p7x-8c57-4pqv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9p7x-8c57-4pqv
- Aliases
- Published
- 2025-09-09T21:30:29Z
- Modified
- 2025-12-20T03:05:02.237253Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Liferay Portal exposes ERC which can lead to exploit the time response attack
- Details
-
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.
- Database specific
{ "nvd_published_at": "2025-09-09T20:15:40Z", "github_reviewed_at": "2025-09-11T13:30:32Z", "cwe_ids": [ "CWE-203", "CWE-208" ], "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-43786
- https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474
- https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532
- https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19
- https://github.com/liferay/liferay-portal
- https://liferay.atlassian.net/browse/LPE-18106
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786
Affected packages
Maven
com.liferay:com.liferay.portal.vulcan.impl
Package
- Name
- com.liferay:com.liferay.portal.vulcan.impl
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.portal.vulcan.impl
Affected versions
5.*
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.0.52
5.0.53
5.0.54
5.0.55
5.0.56
5.0.57
5.0.58
5.0.59
5.0.60
5.0.61
5.0.62
5.0.63
5.0.64
5.0.65
5.0.66
5.0.67
5.0.68
5.0.69
5.0.70
5.0.71
5.0.72
5.0.73
5.0.74
5.0.75
5.0.76
5.0.77
5.0.78
5.0.79
5.0.80
5.0.81
5.0.82
5.0.83
5.0.84
5.0.85
5.0.86
5.0.87
5.0.88
5.0.89
5.0.90
5.0.91
5.0.92
5.0.93
5.0.94
5.0.95
5.0.96
5.0.97
5.0.98
5.0.99
5.0.100
5.0.101
5.0.102
5.0.103
5.0.104
5.0.105
5.0.106
5.0.107
5.0.108
5.0.109
5.0.110
5.0.111
5.0.112
5.0.113
5.0.114
5.0.115
5.0.116
5.0.117
5.0.118
5.0.119
5.0.120
5.0.121
5.0.122
5.0.123
5.0.124
5.0.125
5.0.126
com.liferay:com.liferay.headless.admin.workflow.impl
Package
- Name
- com.liferay:com.liferay.headless.admin.workflow.impl
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.headless.admin.workflow.impl
Affected versions
5.*
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.0.52
5.0.53
5.0.54
5.0.55
5.0.56
5.0.57
5.0.58
5.0.59
5.0.60
5.0.61
5.0.62
5.0.63
5.0.64
5.0.65
5.0.66
5.0.67
5.0.68
5.0.69
5.0.70
5.0.71
5.0.72
5.0.73
5.0.74
5.0.75
5.0.76
5.0.77
5.0.78
5.0.79
5.0.80
5.0.81
5.0.82
com.liferay:com.liferay.portal.workflow.api
Package
- Name
- com.liferay:com.liferay.portal.workflow.api
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay/com.liferay.portal.workflow.api