CVE-2025-43752
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-12-16
Assigner: Liferay Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | From 2024.Q1.1 (inc) to 2024.Q1.16 (exc) |
| liferay | digital_experience_platform | From 2024.Q2.0 (inc) to 2024.Q2.13 (inc) |
| liferay | digital_experience_platform | From 2024.Q3.1 (inc) to 2024.Q3.13 (inc) |
| liferay | digital_experience_platform | From 2024.Q4.0 (inc) to 2024.Q4.10 (inc) |
| liferay | digital_experience_platform | From 2025.Q1.0 (inc) to 2025.Q1.5 (exc) |
| liferay | digital_experience_platform | 7.4 |
| liferay | liferay_portal | From 7.4.0 (inc) to 7.4.3.132 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the affected versions of Liferay Portal and Liferay DXP allows users to upload an unlimited number of files through the attachment fields of object entries. The files are stored in the document_library, so an attacker can overwhelm the system with excessive file uploads and potentially cause a Denial of Service (DoS).
How can this vulnerability impact me?
The vulnerability can enable an attacker to perform a Denial of Service (DoS) attack on your Liferay Portal or DXP instance. By uploading an unlimited number of files, the attacker can exhaust system resources, potentially causing service disruption or downtime.