CVE-2025-43813
Description
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.
Risk Information
Base Score
8.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
Exploitation Probability
0.158
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-43813 are fixed in Liferay - release.portal.bom 7.4.3.108 | Windows |
| Vulnerabilities CVE-2025-43793,CVE-2025-43813 are fixed in Liferay - com.liferay.portal.impl 96.0.0 | Windows |
| Vulnerabilities CVE-2025-43813 are fixed in Liferay - release.portal.bom for Linux 7.4.3.108 | Linux |
| Vulnerabilities CVE-2025-43793,CVE-2025-43813 are fixed in Liferay - com.liferay.portal.impl for Linux 96.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234