Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to view contact information, including the contact’s name and email address, via the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter.
References
| Link | Resource |
|---|---|
| https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43803 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Dec 2025, 16:38
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| First Time |
Liferay
Liferay liferay Portal Liferay digital Experience Platform |
|
| CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:* |
|
| References | () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43803 - Vendor Advisory |
19 Sep 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-19 19:15
Updated : 2025-12-16 16:38
NVD link : CVE-2025-43803
Mitre link : CVE-2025-43803
CVE.ORG link : CVE-2025-43803
JSON object : View
Products Affected
liferay
- digital_experience_platform
- liferay_portal
CWE
CWE-639
Authorization Bypass Through User-Controlled Key