CVE-2025-43743

EPSS 0.05%
Veröffentlicht 19.08.2025 19:13:39
Zuletzt bearbeitet 15.12.2025 20:06:05
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, given an attacker the possibility to send phishing to these users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version >= 2024.Q1.1 < 2024.Q1.16

Liferay ≫ Digital Experience Platform Version >= 2024.q2.0 <= 2024.q2.13

Liferay ≫ Digital Experience Platform Version >= 2024.q3.1 <= 2024.q3.13

Liferay ≫ Digital Experience Platform Version >= 2024.q4.0 <= 2024.q4.7

Liferay ≫ Digital Experience Platform Version >= 2025.Q1.0 < 2025.Q1.6

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate4

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate5

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate6

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate63

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate64

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate65

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate66

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate67

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate68

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate69

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate7

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate8

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate9

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92

Liferay ≫ Liferay Portal Version >= 7.4.0 <= 7.4.3.132

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.171

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@liferay.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-43743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-43743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-43743

EUVD