CVE-2025-43749
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-12-16
Assigner: Liferay Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | From 2024.Q1.1 (inc) to 2024.Q1.15 (exc) |
| liferay | digital_experience_platform | From 2024.q2.0 (inc) to 2024.q2.13 (inc) |
| liferay | digital_experience_platform | From 2024.q3.1 (inc) to 2024.q3.13 (inc) |
| liferay | digital_experience_platform | From 2024.q4.0 (inc) to 2024.q4.7 (inc) |
| liferay | digital_experience_platform | From 2025.Q1.0 (inc) to 2025.Q1.2 (exc) |
| liferay | digital_experience_platform | 7.4 |
| liferay | liferay_portal | From 7.4.0 (inc) to 7.4.3.132 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Liferay Portal and Liferay DXP versions specified allows unauthenticated users (guests) to access files uploaded via forms and stored in the document_library by using a URL. Essentially, it means that anyone without logging in can potentially view files that should be restricted.
How can this vulnerability impact me? :
The impact of this vulnerability is that sensitive or private files stored in the document library could be accessed by unauthorized users. This could lead to data exposure, loss of confidentiality, and potential misuse of information that was intended to be protected.