exploitDog

CVE-2025-43745

Опубликовано: 19 авг. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to performs cross-origin request on behalf of the authenticated user via the endpoint parameter.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q1.1 (включая) до 2024.q1.20 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q2.0 (включая) до 2024.q2.13 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q3.1 (включая) до 2024.q3.13 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2024.q4.0 (включая) до 2024.q4.7 (включая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2025.Q1.0 (включая) до 2025.Q1.16 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 2025.Q2.0 (включая) до 2025.Q2.8 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3.132 (включая)

EPSS

Процентиль: 6%

0.00023

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-7q33-gwcm-r6cj

github

6 месяцев назад

Liferay Portal CSRF Vulnerability via Endpoint Parameter

EPSS

Процентиль: 6%

0.00023

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352