CVE-2025-43792
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-16
Assigner: Liferay Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liferay | digital_experience_platform | to 7.3 (exc) |
| liferay | digital_experience_platform | From 2023.q3.1 (inc) to 2023.q3.5 (exc) |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 2023.q4.0 |
| liferay | liferay_portal | to 7.4.3.106 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-15 | One or more system settings or configuration elements can be externally controlled by a user. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Liferay DXP's remote staging feature occurs because the system does not properly obtain the remote address of the live site from the database. This flaw allows remote authenticated users to exfiltrate data by redirecting it to an attacker-controlled server posing as a fake 'live site' using specific parameters. To exploit this, an attacker must have the staging server's shared secret and add their server to the staging server's whitelist. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized data exfiltration from the staging server to an attacker-controlled server. This means sensitive or confidential data could be leaked, potentially compromising the integrity and confidentiality of your systems and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring for unusual use of the parameters `_com_liferay_exportimport_web_portlet_ExportImportPortlet_remoteAddress` and `_com_liferay_exportimport_web_portlet_ExportImportPortlet_remotePort` in requests to the staging server, as these are exploited to redirect data to attacker-controlled servers. Network traffic inspection tools or web server logs can be searched for these parameter names. For example, using grep on web server logs: `grep '_com_liferay_exportimport_web_portlet_ExportImportPortlet_remoteAddress' /path/to/access.log` or using network monitoring tools to detect connections to unknown or suspicious remote addresses configured as 'live sites'. Additionally, verify if the staging server's shared secret has been compromised or if unauthorized servers have been added to the staging server's whitelist. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading affected Liferay Portal or DXP instances to fixed versions: Liferay Portal 7.4.3.106 or later, Liferay DXP 2024.Q1.1, 2023.Q4.1, 2023.Q3.5, or 7.3 U36 and later. Additionally, review and secure the staging server's shared secret to prevent unauthorized access, and audit the staging server's whitelist to ensure no attacker-controlled servers are included. Restrict access to the staging environment and monitor for suspicious activity involving the vulnerable parameters. [1]