CVE-2025-43767

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

CVSS

No CVSS.

References

Link	Resource
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

Configurations

No configuration.

History

25 Aug 2025, 20:24

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de redirección abierta en el parámetro /c/portal/edit_info_item en Liferay Portal 7.4.3.86 a 7.4.3.131, y Liferay DXP 2024.Q3.1 a 2024.Q3.9, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.12 y 7.4 actualización 86 a 92 permite a un atacante explotar esta vulnerabilidad de seguridad para redirigir a los usuarios a un sitio malicioso.

23 Aug 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-23 04:15

Updated : 2025-08-25 20:24

NVD link : CVE-2025-43767

Mitre link : CVE-2025-43767

CVE.ORG link : CVE-2025-43767

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-43767", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@liferay.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-23T04:15:45.463", "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767", "source": "security@liferay.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@liferay.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site."}, {"lang": "es", "value": "La vulnerabilidad de redirecci\u00f3n abierta en el par\u00e1metro /c/portal/edit_info_item en Liferay Portal 7.4.3.86 a 7.4.3.131, y Liferay DXP 2024.Q3.1 a 2024.Q3.9, 2024.Q2.0 a 2024.Q2.13, 2024.Q1.1 a 2024.Q1.12 y 7.4 actualizaci\u00f3n 86 a 92 permite a un atacante explotar esta vulnerabilidad de seguridad para redirigir a los usuarios a un sitio malicioso."}], "lastModified": "2025-08-25T20:24:45.327", "sourceIdentifier": "security@liferay.com"}