Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 23 Aug 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Liferay
Liferay dxp Liferay portal |
|
Vendors & Products |
Liferay
Liferay dxp Liferay portal |
Fri, 22 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants. | |
Weaknesses | CWE-732 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-08-26T14:06:50.622Z
Reserved: 2025-04-17T10:55:24.866Z
Link: CVE-2025-43759

Updated: 2025-08-26T13:07:58.314Z

Status : Awaiting Analysis
Published: 2025-08-22T19:15:38.633
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-43759

No data.

Updated: 2025-08-23T10:55:00Z