CVE-2025-43758

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43758
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library
CVSS

No CVSS.

References
Link Resource
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43758
Configurations

No configuration.

History

25 Aug 2025, 20:24

Type Values Removed Values Added
Summary
  • (es) Liferay Portal 7.4.0 a 7.4.3.132, y Liferay DXP 2025.Q1.0 a 2025.Q1.5, 2024.Q4.0 a 2024.Q4.7, 2024.Q3.1 a 2024.Q3.13, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.15 y 7.4 GA hasta la actualizaciĆ³n 92 permiten a los usuarios no autenticados (invitados) acceder mediante archivos URL cargados por entrada de objeto y almacenados en document_library.

22 Aug 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-22 19:15

Updated : 2025-08-25 20:24

NVD link : CVE-2025-43758

Mitre link : CVE-2025-43758

CVE.ORG link : CVE-2025-43758

JSON object : View

Products Affected

No product.

CWE
CWE-552

Files or Directories Accessible to External Parties