{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-43767", "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "state": "PUBLISHED", "assignerShortName": "Liferay", "dateReserved": "2025-04-17T10:55:26.804Z", "datePublished": "2025-08-23T03:41:34.635Z", "dateUpdated": "2025-08-25T17:51:01.599Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Portal", "vendor": "Liferay", "versions": [{"lessThanOrEqual": "7.4.3.131", "status": "affected", "version": "7.4.3.86", "versionType": "maven"}]}, {"defaultStatus": "unaffected", "product": "DXP", "vendor": "Liferay", "versions": [{"lessThanOrEqual": "7.4.13-u92", "status": "affected", "version": "7.4.13-u86", "versionType": "maven"}, {"lessThanOrEqual": "2024.Q1.12", "status": "affected", "version": "2024.Q1.1", "versionType": "maven"}, {"lessThanOrEqual": "2024.Q2.13", "status": "affected", "version": "2024.Q2.0", "versionType": "maven"}, {"lessThanOrEqual": "2024.Q3.9", "status": "affected", "version": "2024.Q3.1", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site."}], "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "shortName": "Liferay", "dateUpdated": "2025-08-23T03:41:34.635Z"}, "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T17:49:54.496225Z", "id": "CVE-2025-43767", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T17:51:01.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43767", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T17:49:54.496225Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T17:49:59.209Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Liferay", "product": "Portal", "versions": [{"status": "affected", "version": "7.4.3.86", "versionType": "maven", "lessThanOrEqual": "7.4.3.131"}], "defaultStatus": "unaffected"}, {"vendor": "Liferay", "product": "DXP", "versions": [{"status": "affected", "version": "7.4.13-u86", "versionType": "maven", "lessThanOrEqual": "7.4.13-u92"}, {"status": "affected", "version": "2024.Q1.1", "versionType": "maven", "lessThanOrEqual": "2024.Q1.12"}, {"status": "affected", "version": "2024.Q2.0", "versionType": "maven", "lessThanOrEqual": "2024.Q2.13"}, {"status": "affected", "version": "2024.Q3.1", "versionType": "maven", "lessThanOrEqual": "2024.Q3.9"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.", "supportingMedia": [{"type": "text/html", "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "shortName": "Liferay", "dateUpdated": "2025-08-23T03:41:34.635Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43767", "state": "PUBLISHED", "dateUpdated": "2025-08-25T17:51:01.599Z", "dateReserved": "2025-04-17T10:55:26.804Z", "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "datePublished": "2025-08-23T03:41:34.635Z", "assignerShortName": "Liferay"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "590D94D5-7486-4D96-97F0-C40F58304CF2", "versionEndExcluding": "2024.Q1.13", "versionStartIncluding": "2024.Q1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EB4ABE4-0B4D-471C-A868-0CA6F5EE7A47", "versionEndIncluding": "2024.q2.13", "versionStartIncluding": "2024.q2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD46739E-72FE-49BB-8616-A96F69DDD793", "versionEndExcluding": "2024.Q3.10", "versionStartIncluding": "2024.Q3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*", "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*", "matchCriteriaId": "2A05FB86-332B-44E3-93CB-82465A38976E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*", "matchCriteriaId": "7C754823-899C-4EEF-ACB7-E1551FA88B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*", "matchCriteriaId": "493D4C18-DEE2-4040-9C13-3A9AB2CE47BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*", "matchCriteriaId": "8F17DD75-E63B-4E4C-B136-D43F17B389EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*", "matchCriteriaId": "62EE759A-78AD-40D6-8C5B-10403A8A4A89", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*", "matchCriteriaId": "865ABA1F-CA99-4602-B325-F81C9778855C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "C45DE934-D0C9-4C14-9C42-DBEEA38C50D2", "versionEndExcluding": "7.4.3.132", "versionStartIncluding": "7.4.3.86", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site."}, {"lang": "es", "value": "La vulnerabilidad de redirecci\u00f3n abierta en el par\u00e1metro /c/portal/edit_info_item en Liferay Portal 7.4.3.86 a 7.4.3.131, y Liferay DXP 2024.Q3.1 a 2024.Q3.9, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.12 y 7.4 actualizaci\u00f3n 86 a 92 permite a un atacante explotar esta vulnerabilidad de seguridad para redirigir a los usuarios a un sitio malicioso."}], "id": "CVE-2025-43767", "lastModified": "2025-12-12T20:09:54.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@liferay.com", "type": "Secondary"}]}, "published": "2025-08-23T04:15:45.463", "references": [{"source": "security@liferay.com", "tags": ["Vendor Advisory"], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767"}], "sourceIdentifier": "security@liferay.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@liferay.com", "type": "Primary"}]}

{}

{"created": "2025-08-23T10:54:57.950686+00:00", "updated": "2025-08-23T10:54:57.950774+00:00", "vendors": ["liferay", "liferay$PRODUCT$dxp", "liferay$PRODUCT$portal"]}