CVE-2025-43789
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-12

Last updated on: 2025-09-15

Assigner: Liferay Inc.

Description
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-12
Last Modified
2025-09-15
Generated
2026-06-16
AI Q&A
2025-09-12
EPSS Evaluated
2026-06-14
NVD
CVE-2025-43789
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
liferay portal 7.4.1
liferay dxp 2024.q1.8
liferay dxp 2024.q1.9
liferay dxp 2024.q1.2
liferay dxp 2024.q1.4
liferay dxp 2024.q1.6
liferay dxp 2024.q1.1
liferay dxp 2024.q1.5
liferay dxp 2024.q1.7
liferay portal 7.4.3
liferay portal 7.4.2
liferay portal 7.4.0
liferay dxp 2024.q1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves JSON Web Services in certain versions of Liferay Portal and Liferay DXP being registered and invoked directly as classes, which allows Service Access Policies to be executed. This means that the way these services are accessed could potentially bypass or improperly enforce access controls.

Impact Analysis

The vulnerability could impact you by allowing unauthorized or unintended access to services due to the direct invocation of JSON Web Services and execution of Service Access Policies. However, the CVSS score is low (1.0), indicating limited impact or exploitability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-43789. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart