Information Disclosure Vulnerability in Liferay Portal and DXP
CVE-2025-43759

6.7MEDIUM

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-43759?

An information disclosure vulnerability exists in Liferay Portal versions 7.4.0 through 7.4.3.132 and specific versions of Liferay DXP, allowing admin users of a virtual instance to add pages outside of the default/main virtual instance. This flaw permits any tenant to enumerate a list of all other tenants on the platform, resulting in potential exposure of sensitive tenant information and impacting data privacy.

Affected Version(s)

DXP 7.4.13 <= 7.4.13-u92

DXP 2024.Q1.1 <= 2024.Q1.14

DXP 2024.Q2.0 <= 2023.Q2.13

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 17, 2025