CVE-2025-43786
Description
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allows attackers to determine which ERCs exist in the application by exploiting the response time.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.035
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2025-43786 is fixed in Liferay - com.liferay.headless.admin.workflow.impl 5.0.83 | Windows |
| CVE-2025-43786 is fixed in Liferay - com.liferay.portal.workflow.api 11.0.1 | Windows |
| CVE-2025-43786 is fixed in Liferay - com.liferay.headless.admin.workflow.impl for Linux 5.0.83 | Linux |
| CVE-2025-43786 is fixed in Liferay - com.liferay.portal.workflow.api for Linux 11.0.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234