Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.
History

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Liferay
Liferay dxp
Liferay portal
Vendors & Products Liferay
Liferay dxp
Liferay portal

Fri, 29 Aug 2025 19:30:00 +0000

Type Values Removed Values Added
Description Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.18 has a security vulnerability that allowing for improper access through the expandoTableLocalService. Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.

Fri, 29 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Description Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.18 has a security vulnerability that allowing for improper access through the expandoTableLocalService.
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Liferay

Published:

Updated: 2025-08-29T19:14:16.693Z

Reserved: 2025-04-17T10:55:28.237Z

Link: CVE-2025-43773

cve-icon Vulnrichment

Updated: 2025-08-29T19:07:56.555Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T19:15:37.143

Modified: 2025-09-02T15:55:35.520

Link: CVE-2025-43773

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:33Z