Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library
Metrics
Affected Vendors & Products
References
History
Sat, 23 Aug 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay dxp Liferay portal |
|
Vendors & Products |
Liferay
Liferay dxp Liferay portal |
Fri, 22 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 22 Aug 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library | |
Weaknesses | CWE-552 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-08-22T18:49:22.514Z
Reserved: 2025-04-17T10:55:24.866Z
Link: CVE-2025-43758

Updated: 2025-08-22T18:48:57.212Z

Status : Awaiting Analysis
Published: 2025-08-22T19:15:38.467
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-43758

No data.

Updated: 2025-08-23T10:54:59Z