Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to perform a denial-of-service (DoS) attacks via a crafted XML-RPC request.

Affected Packages

Maven com.liferay.portal:com.liferay.portal.impl

Affected versions: 0 (fixed in 101.0.0)

Related CVEs

CVE-2025-43801

Key Information

GHSA ID

GHSA-95h4-8mqc-4mpf

Published

September 16, 2025 6:31 PM

Last Modified

September 16, 2025 8:21 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.liferay.portal:com.liferay.portal.impl

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.