
CVE-2025-43736: Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability

CVSS Score: N/A

Basic Information

EPSS Score: 0.11602%
Published: 8/12/2025
Updated: 8/12/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
com.liferay.portal:release.portal.bom | maven | >= 7.4.3.0, <= 7.4.3.132 | (not listed)
com.liferay.portal:release.dxp.bom | maven | >= 2025.Q1.0, <= 2025.Q1.8 | 2025.Q1.9
com.liferay.portal:release.dxp.bom | maven | >= 2024.Q4.0, <= 2024.Q4.7 | (not listed)
com.liferay.portal:release.dxp.bom | maven | >= 2024.Q3.0, <= 2024.Q3.13 | (not listed)
com.liferay.portal:release.dxp.bom | maven | >= 2024.Q2.0, <= 2024.Q2.13 | (not listed)
com.liferay.portal:release.dxp.bom | maven | >= 2024.Q1.0, <= 2024.Q1.16 | 2024.Q1.17
com.liferay.portal:release.dxp.bom | maven | <= 7.4.13.u92 | (not listed)
com.liferay:com.liferay.frontend.taglib | maven | < 13.10.0 | 13.10.0
com.liferay:com.liferay.image.uploader.web | maven | < 5.0.56 | 5.0.56
com.liferay:com.liferay.users.admin.web | maven | < 11.0.27 | 11.0.27
com.liferay:com.liferay.account.admin.web | maven | < 2.0.138 | 2.0.138

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is a flaw in the file upload size validation of Liferay Portal: a user can upload a profile picture larger than the 300kb limit, which can cause a Denial of Service. Commit ab8932bee29df7df377c468f662d55e624d9390d addresses this issue directly. The flawed logic is in the com.liferay.image.uploader.web.internal.util.UploadImageUtil.getMaxFileSize method. Before the patch, this method chose the maximum file size based on the currentLogoURL request parameter, which is an unreliable way to identify the kind of upload being performed, so the check could be bypassed and a large file uploaded. The patch introduces an explicit type request parameter, set by the user interface (JSP files) when a user uploads a profile or organization picture; getMaxFileSize now checks this type parameter, so the validation is tied directly to the upload context rather than to a URL. getMaxFileSize is therefore the primary vulnerable function, since it contained the logic that was exploited.
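As an added illustration of the analysis above (example code, not Liferay's own): a simplified model of the limit decision, with the URL-derived check beside a context-typed one, plus enforcement on the bytes actually received. The parameter names currentLogoURL and type come from the analysis; the class and method names, the URL heuristic and the non-300kb limit are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;

// Added example, not Liferay's code: a simplified model of the limit decision.
// Parameter names currentLogoURL and type come from the analysis above; the
// method names, the non-300kb limit and the URL heuristic are assumptions.
public final class UploadSizeLimitExample {
    static final long PROFILE_PICTURE_MAX = 300L * 1024;       // profile/organization pictures
    static final long DEFAULT_UPLOAD_MAX  = 10L * 1024 * 1024; // assumed limit for other contexts
    // Pre-fix shape (modelled): the limit is inferred from a caller-supplied URL,
    // so the request author decides whether the 300kb branch applies at all.
    static long maxFileSizeFromLogoUrl(Map<String, String> params) {
        String url = params.getOrDefault("currentLogoURL", "");
        return url.contains("user_portrait") ? PROFILE_PICTURE_MAX : DEFAULT_UPLOAD_MAX;
    }
    // Post-fix shape (modelled): the JSP sets an explicit type for each upload context;
    // an absent or unexpected type fails closed instead of unlocking the larger limit.
    static long maxFileSizeFromType(Map<String, String> params) {
        String type = params.getOrDefault("type", "");
        if (type.equals("profile") || type.equals("organization")) return PROFILE_PICTURE_MAX;
        throw new IllegalArgumentException("unexpected upload type: " + type);
    }
    // Enforce the limit on the bytes actually received, not on a declared Content-Length.
    static byte[] readBounded(InputStream in, long max) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long total = 0;
        for (int n; (n = in.read(buf)) != -1; ) {
            total += n;
            if (total > max) throw new IOException("upload exceeds " + max + " bytes");
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }
    public static void main(String[] args) throws IOException {
        Map<String, String> req = Map.of("type", "profile", "currentLogoURL", "/image/company_logo");
        System.out.println("pre-fix limit:  " + maxFileSizeFromLogoUrl(req)); // 10485760: heuristic missed
        long limit = maxFileSizeFromType(req);                                 // 307200
        byte[] oversized = new byte[(int) limit + 1];                          // constructed: one byte over
        try {
            readBounded(new ByteArrayInputStream(oversized), limit);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Counting bytes while reading, rather than trusting a declared length, is what keeps an oversized body from being buffered in full before the limit is applied.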
