GHSA-m55r-9fx8-725j

Source

https://github.com/advisories/GHSA-m55r-9fx8-725j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-m55r-9fx8-725j/GHSA-m55r-9fx8-725j.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m55r-9fx8-725j

Aliases

CVE-2025-43795

Published

2025-09-12T21:32:14Z

Modified

2025-12-20T03:37:16.382798Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect

Details

An open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the comliferayconfigurationadminwebportletSystemSettingsPortletredirect parameter.

An open redirect vulnerability in the Instance Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the comliferayconfigurationadminwebportletInstanceSettingsPortletredirect parameter.

An open redirect vulnerability in the Site Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the comliferaysiteadminwebportletSiteSettingsPortletredirect parameter.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "github_reviewed_at": "2025-09-15T13:46:39Z",
    "nvd_published_at": "2025-09-12T20:15:42Z",
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

Maven / com.liferay:com.liferay.configuration.admin.web

Package

Name: com.liferay:com.liferay.configuration.admin.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.configuration.admin.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.7

Fixed

5.0.76

Affected versions

2.*

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

2.0.55

2.0.56

2.0.57

2.0.58

2.0.59

2.0.60

2.0.61

2.0.62

2.0.63

2.0.64

2.0.65

2.0.66

2.0.67

2.0.68

2.0.69

2.0.70

2.0.71

2.0.72

2.0.73

2.0.74

2.0.75

2.0.76

2.0.77

2.0.78

2.0.79

2.0.80

2.0.81

2.0.82

2.0.83

2.0.84

2.0.85

2.0.86

2.0.87

2.0.88

2.0.89

2.0.90

2.0.91

2.0.92

2.0.93

2.0.94

2.0.95

2.0.96

2.0.97

2.0.98

2.0.99

2.0.100

2.0.101

2.0.102

2.0.103

2.0.104

2.0.105

2.0.106

2.0.107

2.0.108

2.0.109

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.24

3.0.25

3.0.26

3.0.27

3.0.28

3.0.29

3.0.30

3.0.31

3.0.32

3.0.33

3.0.34

3.0.35

3.0.36

3.0.37

3.0.38

3.0.39

3.0.40

3.0.41

3.0.42

3.0.43

3.0.44

3.0.45

3.0.46

3.0.47

3.0.48

3.0.49

3.0.50

3.0.51

3.0.52

3.0.53

3.0.54

3.0.55

3.0.56

3.0.57

3.0.58

3.0.59

3.0.60

3.0.61

3.0.62

3.0.63

3.0.64

3.0.65

3.0.66

3.0.67

3.0.68

3.0.69

3.0.70

3.0.71

3.0.72

3.0.73

3.0.74

3.0.75

3.0.76

3.0.77

3.0.78

3.0.79

3.0.80

3.0.81

3.0.82

3.0.83

3.0.84

3.0.85

3.0.86

3.0.87

3.0.88

3.0.89

3.0.90

3.0.91

3.0.92

3.0.93

3.0.94

3.0.95

3.0.96

3.0.97

3.0.98

3.0.99

3.0.100

3.0.101

3.0.102

3.0.103

3.0.104

3.0.105

3.0.106

3.0.107

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.19

4.0.20

4.0.21

4.0.22

4.0.23

4.0.24

4.0.25

4.0.26

4.0.27

4.0.28

4.0.29

4.0.30

4.0.31

4.0.32

4.0.33

4.0.34

4.0.35

4.0.36

4.0.37

4.0.38

4.0.39

4.0.40

4.0.41

4.0.42

4.0.43

4.0.44

4.0.45

4.0.46

4.0.47

4.0.48

4.0.49

4.0.50

4.0.51

4.0.52

4.0.53

4.0.54

4.0.55

4.0.56

4.0.57

4.0.58

4.0.59

4.0.60

4.0.61

4.0.62

4.0.63

4.0.64

4.0.65

4.0.66

4.0.67

4.0.68

4.0.69

4.0.70

4.0.71

4.0.72

4.0.73

4.0.74

4.0.75

4.0.76

4.0.77

4.0.78

4.0.79

4.0.80

4.0.81

4.0.82

4.0.83

4.0.84

4.0.85

4.0.86

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.40

5.0.41

5.0.42

5.0.43

5.0.44

5.0.45

5.0.46

5.0.47

5.0.48

5.0.49

5.0.50

5.0.51

5.0.52

5.0.53

5.0.54

5.0.55

5.0.56

5.0.57

5.0.58

5.0.59

5.0.60

5.0.61

5.0.62

5.0.63

5.0.64

5.0.65

5.0.66

5.0.67

5.0.68

5.0.69

5.0.70

5.0.71

5.0.72

5.0.73

5.0.74

5.0.75

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-m55r-9fx8-725j/GHSA-m55r-9fx8-725j.json"

Maven / com.liferay:com.liferay.site.admin.web