Cross-Site Request Forgery Vulnerability in Liferay Portal and DXP
CVE-2025-43748
7.1 HIGH
What is CVE-2025-43748?
Liferay Portal versions 7.0.0 through 7.4.3.119 and Liferay DXP versions 2024.Q1.1 to 2024.Q1.6, as well as earlier versions up to 2023.Q4.9, lack sufficient CSRF protection for omni-administrator users. This vulnerability enables attackers to perform unauthorized actions on behalf of an authenticated user, leading to potential data leaks or unauthorized modifications. Organizations using affected versions should assess their exposure and implement appropriate security measures.
Affected Version(s)
DXP 6.2.0
DXP 7.0.10
DXP 7.1.10
References
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved