File Upload Vulnerability in Liferay Portal and DXP by Liferay
CVE-2025-43766

6.8MEDIUM

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 23 August 2025

What is CVE-2025-43766?

The vulnerability present in Liferay Portal and Liferay DXP allows attackers to upload unrestricted files within the style books component. This can lead to arbitrary code execution, posing a significant security risk to the environment. Users of the affected versions are advised to take immediate action to mitigate potential exploitations.

Affected Version(s)

DXP 7.4.13 <= 7.4.13-u92

DXP 2024.Q1.1 <= 2024.Q1.12

DXP 2024.Q2.0 <= 2024.Q2.13

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2025
Vulnerability Reserved
Apr 17, 2025