CVE-2025-43772
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-04

Assigner: Liferay Inc.

Description
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via a crafted HTTP request.
Meta Information
Published: 2025-09-04
Last Modified: 2025-09-04
Generated: 2026-05-27
AI Q&A: 2025-09-04
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
liferay liferay_dxp 7.3
liferay liferay_dxp 7.4
liferay liferay_portal 7.4
liferay liferay_portal 7.3
liferay liferay_portal 7.0
liferay liferay_portal 7.1
liferay liferay_portal 7.2
liferay kaleo_forms 2.*
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Kaleo Forms Admin in certain versions of Liferay Portal and Liferay DXP. It does not restrict the saving of request parameters in the portlet session, which allows remote attackers to send crafted HTTP requests that consume system memory. This can lead to denial-of-service (DoS) conditions.


How can this vulnerability impact me?

The vulnerability can impact you by allowing remote attackers to cause denial-of-service (DoS) conditions on your system. This happens because crafted HTTP requests can consume excessive system memory, potentially making the system unavailable or unstable.

