Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-43782

UNKNOWN
Published Unknown
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-43782. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Malicious code in bioql (PyPI)

Affected Products (ENISA)

liferay
dxp

ENISA Scoring

CVSS Score (4.0)

5.3
/10
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.150
probability

ENISA References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43782
https://nvd.nist.gov/vuln/detail/CVE-2025-43782
https://github.com/liferay/liferay-portal/commit/4e85bafae4c4e17d3f87054d1f1d49a908d79819
https://github.com/liferay/liferay-portal/commit/720f2d3fde180e5c2971a5d01246dfec36f68131
https://github.com/liferay/liferay-portal/commit/acf50c712f7f21c2f52db30883486cb885c8bdd0
https://github.com/liferay/liferay-portal/commit/ad55ef75cb82c8b1ed01f311488475a646481731
https://github.com/liferay/liferay-portal/commit/b61004c960e10d576634096fccc9f71677df0fbd
https://github.com/liferay/liferay-portal/commit/c30a8b729e133f7f40277ce7dc350b87d13d49c7

Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name

GHSA-wr8m-5h2p-4432

Advisory Details

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the API.

Affected Packages

Maven com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl
ECOSYSTEM: ≥5.0.1 <5.0.48

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-43782
WEB https://github.com/liferay/liferay-portal/commit/4e85bafae4c4e17d3f87054d1f1d49a908d79819
WEB https://github.com/liferay/liferay-portal/commit/720f2d3fde180e5c2971a5d01246dfec36f68131
WEB https://github.com/liferay/liferay-portal/commit/acf50c712f7f21c2f52db30883486cb885c8bdd0
WEB https://github.com/liferay/liferay-portal/commit/ad55ef75cb82c8b1ed01f311488475a646481731
WEB https://github.com/liferay/liferay-portal/commit/b61004c960e10d576634096fccc9f71677df0fbd
WEB https://github.com/liferay/liferay-portal/commit/c30a8b729e133f7f40277ce7dc350b87d13d49c7
WEB https://github.com/liferay/liferay-portal
WEB https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43782

Advisory provided by GitHub Security Advisory Database. Published: September 11, 2025, Modified: September 15, 2025

Published: Unknown
Last Modified: Unknown
Copied to clipboard!