Описание
Liferay Portal allows improper access through the expandoTableLocalService
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-43773
- https://github.com/liferay/liferay-portal/commit/1cbc4b615c270ce986b7fa1835ed196a11ac3234
- https://github.com/liferay/liferay-portal/commit/58849cc83348af289944c874301e16e039ae4270
- https://github.com/liferay/liferay-portal/commit/8eacaaa1e3552648a3e4a0975731641087d186af
- https://github.com/liferay/liferay-portal/commit/9f56b195aec5c1c904242206d61f3fe412701941
- https://github.com/liferay/liferay-portal/commit/f33cda648a9082567d7de06c27ba9d3583ee8ff5
- https://liferay.atlassian.net/browse/LPE-18262
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773
Пакеты
com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl
< 6.0.93
6.0.93
Связанные уязвимости
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.