T
he organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
References
| Link | Resource |
|---|---|
| https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43788 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Dec 2025, 15:13
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Liferay digital Experience Platform
Liferay Liferay liferay Portal |
|
| References | () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43788 - Vendor Advisory | |
| CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
15 Sep 2025, 15:22
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-12 03:15
Updated : 2025-12-16 15:13
NVD link : CVE-2025-43788
Mitre link : CVE-2025-43788
CVE.ORG link : CVE-2025-43788
JSON object : View
Products Affected
CWE
CWE-862
Missing Authorization