Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.
Metrics
Affected Vendors & Products
References
History
Thu, 04 Sep 2025 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request. | |
Weaknesses | CWE-400 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2025-09-04T01:57:13.173Z
Reserved: 2025-04-17T10:55:28.237Z
Link: CVE-2025-43772

No data.

No data.

No data.

No data.