6.9
CVE-2025-43808
- EPSS 0.02%
- Veröffentlicht 19.09.2025 20:37:22
- Zuletzt bearbeitet 15.12.2025 18:18:01
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version >= 2023.Q3.1 <= 2023.Q3.10
Liferay ≫ Digital Experience Platform Version >= 2023.Q4.0 < 2023.Q4.9
Liferay ≫ Digital Experience Platform Version7.3 Updateservice_pack_3
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate1
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate10
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate11
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate12
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate13
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate14
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate15
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate16
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate17
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate18
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate19
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate2
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate20
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate21
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate22
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate23
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate24
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate25
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate26
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate27
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate28
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate29
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate3
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate30
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate31
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate32
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate33
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate34
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate35
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate36
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate4
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate5
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate6
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate7
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate8
Liferay ≫ Digital Experience Platform Version7.3 Updateupdate9
Liferay ≫ Digital Experience Platform Version7.4 Update-
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate1
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate10
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate11
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate12
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate13
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate14
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate15
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate16
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate17
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate18
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate19
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate2
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate20
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate21
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate22
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate23
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate24
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate25
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate26
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate27
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate28
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate29
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate3
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate30
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate31
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate4
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate5
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate6
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate63
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate64
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate65
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate66
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate67
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate68
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate69
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate7
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate8
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate9
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92
Liferay ≫ Liferay Portal Version >= 7.4.0 < 7.4.3.113
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.043 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security@liferay.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.