CVE-2025-43767

MEDIUM

Liferay Portal 7.4.3.86-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 Open Redirect via /c/portal/edit_info_item

Title source: llm

Description

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

References (1)

Core 1

Core References

Vendor Advisory

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

Scores

CVSS v3 6.1

EPSS 0.0017

EPSS Percentile 6.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (4)

com.liferay/com.liferay.info.impl 0 - 5.0.69Maven

liferay/digital_experience_platform 7.4 update86 (7 CPE variants)

liferay/digital_experience_platform 2024.Q1.1 - 2024.Q1.13

liferay/liferay_portal 7.4.3.86 - 7.4.3.132

Published Aug 23, 2025

Tracked Since Feb 18, 2026