Open Redirect Vulnerability in Liferay Portal and DXP
CVE-2025-43795

5.1MEDIUM

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 12 September 2025

What is CVE-2025-43795?

An open redirect vulnerability exists in the System Settings, Instance Settings, and Site Settings of Liferay Portal and Liferay DXP, allowing remote attackers to manipulate the redirect parameter. This imperfection enables the potential redirection of users to arbitrary external URLs, posing risks such as phishing attacks and unauthorized access to sensitive information. Users running versions from 7.1.0 to 7.4.3.101 and multiple DXP versions are particularly affected, necessitating immediate assessment and remediation to bolster web application security.

Affected Version(s)

DXP 7.3.10 <= 7.3.10-u35

DXP 7.4.13 <= 7.4.13-u92

DXP 2023.Q3.0 <= 2023.Q3.4

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Apr 17, 2025

Credit

Abderrahmane BOUNHIDJA