CVE-2025-43786
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-12-16
Assigner: Liferay Inc.
Description
Description
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | From 2024.Q1.1 (inc) to 2024.Q1.13 (exc) |
| liferay | digital_experience_platform | From 2024.q2.0 (inc) to 2024.q2.13 (inc) |
| liferay | digital_experience_platform | From 2024.Q3.0 (inc) to 2024.Q3.2 (exc) |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | liferay_portal | From 7.4.0 (inc) to 7.4.3.129 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
