CVE-2025-43758
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-12-16
Assigner: Liferay Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | From 2024.Q1.1 (inc) to 2024.Q1.16 (exc) |
| liferay | digital_experience_platform | From 2024.q2.0 (inc) to 2024.q2.13 (inc) |
| liferay | digital_experience_platform | From 2024.q3.1 (inc) to 2024.q3.13 (inc) |
| liferay | digital_experience_platform | From 2024.q4.0 (inc) to 2024.q4.7 (inc) |
| liferay | digital_experience_platform | From 2025.Q1.0 (inc) to 2025.Q1.6 (exc) |
| liferay | digital_experience_platform | 7.4 |
| liferay | liferay_portal | From 7.4.0 (inc) to 7.4.3.132 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Liferay Portal and Liferay DXP versions specified allows unauthenticated users (guests) to access files uploaded via object entry that are stored in the document_library by simply using a URL. This means that files which should be protected can be accessed without any authentication.
How can this vulnerability impact me? :
The impact of this vulnerability is that sensitive or private files stored in the document_library could be accessed by unauthorized users without any authentication. This could lead to information disclosure and potential misuse of confidential data.