CVE-2025-43767

MEDIUM

Liferay Digital Experience Platform < 2024.Q1.13 - Open Redirect

Title source: rule

Description

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

References (1)

[Vendor Advisory] https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

Scores

CVSS v3 6.1

EPSS 0.0004

EPSS Percentile 10.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (4)

com.liferay/com.liferay.info.impl 0 - 5.0.69Maven

liferay/digital_experience_platform 7.4 update86 (7 CPE variants)

liferay/digital_experience_platform 2024.Q1.1 - 2024.Q1.13

liferay/liferay_portal 7.4.3.86 - 7.4.3.132

Published Aug 23, 2025

Tracked Since Feb 18, 2026