GHSA-xwc5-q44v-p6gg

Suggest an improvement
Source
https://github.com/advisories/GHSA-xwc5-q44v-p6gg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-xwc5-q44v-p6gg/GHSA-xwc5-q44v-p6gg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xwc5-q44v-p6gg
Aliases
  • CVE-2025-43751
Published
2025-08-22T18:31:23Z
Modified
2025-08-22T21:57:24.581260Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
Liferay Portal User Enumeration Vulnerability via the Create Account Page
Details

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92 allows remote attackers to determine if an account exist in the application via the create account page.

Database specific 
{
    "nvd_published_at": "2025-08-22T16:15:43Z",
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-203"
    ],
    "github_reviewed_at": "2025-08-22T21:09:36Z"
}
References

Affected packages

Maven / com.liferay:com.liferay.login.web

Package

Name
com.liferay:com.liferay.login.web
View open source insights on deps.dev
Purl
pkg:maven/com.liferay/com.liferay.login.web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.66

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.30
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.0.38
3.0.39
3.0.40
3.0.41
3.0.42
3.0.43
3.0.44
3.0.45
3.0.46
3.0.47
3.0.48
3.0.49
3.0.50
3.0.51
3.0.52
3.0.53
3.0.54
3.0.55
3.0.56
3.0.57
3.0.58
3.0.59
3.0.60
3.0.61
3.0.62
3.0.63

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.29
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.37
4.0.38
4.0.39
4.0.40
4.0.41
4.0.42
4.0.43
4.0.44
4.0.45
4.0.46
4.0.47
4.0.48
4.0.49
4.0.50
4.0.51
4.0.52
4.0.53
4.0.54

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.18
6.0.19
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.25
6.0.26
6.0.27
6.0.28
6.0.29
6.0.30
6.0.31
6.0.32
6.0.33
6.0.34
6.0.35
6.0.36
6.0.37
6.0.38
6.0.39
6.0.40
6.0.41
6.0.42
6.0.43
6.0.44
6.0.45
6.0.46
6.0.47
6.0.48
6.0.49
6.0.50
6.0.51
6.0.52
6.0.53
6.0.54
6.0.55
6.0.56
6.0.57
6.0.58
6.0.59
6.0.60
6.0.61
6.0.62
6.0.63
6.0.64
6.0.65