CVE-2025-43748
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery
| CWE | CWE-352 |
| Vendor | liferay |
| Product | portal |
| Published | Aug 20, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for liferay portal
Be the first to know when new unknown vulnerabilities affecting liferay portal are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Liferay / Portal
7.0.0 ≤ 7.4.3.119
Liferay / DXP
6.2.0 ≤ portal-173 7.0.10 ≤ de-102 7.1.10 ≤ dxp-28 7.2.10 ≤ dxp-20 7.3.10 ≤ 7.3.10-u36 7.4.13 ≤ 7.4.13-u92 2023.Q3.1 ≤ 2023.Q3.9 2023.Q4.0 ≤ 2023.Q4.9 2024.Q1.1 ≤ 2024.Q1.6