6.7
CVE-2025-43759
- EPSS 0.05%
- Veröffentlicht 22.08.2025 19:15:38
- Zuletzt bearbeitet 16.12.2025 15:03:43
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version >= 2024.Q1.1 < 2024.Q1.15
Liferay ≫ Digital Experience Platform Version >= 2024.q2.0 <= 2024.q2.13
Liferay ≫ Digital Experience Platform Version >= 2024.q3.1 <= 2024.q3.13
Liferay ≫ Digital Experience Platform Version >= 2024.q4.0 <= 2024.q4.7
Liferay ≫ Digital Experience Platform Version7.4
Liferay ≫ Digital Experience Platform Version2025.q1.0
Liferay ≫ Liferay Portal Version >= 7.4.0 <= 7.4.3.132
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.167 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| security@liferay.com | 6.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.