CVE-2025-43814
Description
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a users password reminder answer, which allows remote authenticated users to obtain a users password reminder answer via the audit events.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.056
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-43814 are fixed in Liferay - com.liferay.portal.security.audit.event.generators.user.management 5.0.13 | Windows |
| Vulnerabilities CVE-2025-43814 are fixed in Liferay - com.liferay.portal.security.audit.event.generators.user.management for Linux 5.0.13 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234