Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 17 Sep 2025 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks. | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks. |
Thu, 21 Aug 2025 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay dxp Liferay portal |
|
Vendors & Products |
Liferay
Liferay dxp Liferay portal |
Wed, 20 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 20 Aug 2025 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks. | |
Weaknesses | CWE-434 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-09-17T23:41:55.512Z
Reserved: 2025-04-17T10:55:23.317Z
Link: CVE-2025-43750

Updated: 2025-08-20T15:16:27.305Z

Status : Awaiting Analysis
Published: 2025-08-20T13:15:28.497
Modified: 2025-09-18T00:15:36.127
Link: CVE-2025-43750

No data.

Updated: 2025-08-21T12:30:56Z