Denial-of-Service Vulnerability in Liferay Portal and DXP Products
CVE-2025-43796

7.1HIGH

Key Information:

Vendor: Liferay
Status: Portal; Dxp
Vendor: CVE Published:; 12 September 2025

What is CVE-2025-43796?

Liferay Portal and Liferay DXP are subjected to a vulnerability that inadequately restricts the number of objects returned from GraphQL queries. This flaw can be exploited by remote attackers, allowing them to issue queries that result in denial-of-service (DoS) conditions, significantly affecting the application's availability. It is crucial for users of the affected Liferay products to implement mitigation strategies to prevent such attacks.

Affected Version(s)

DXP 7.3.10 <= 7.3.10-u35

DXP 7.4.13 <= 7.4.13-u92

DXP 2023.Q3.0 <= 2023.Q3.4

References

https://liferay.dev/portal/security/known-vulnerabilities...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Apr 17, 2025