N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-43752

GHSA ID

GHSA-qpp6-f3qj-rggq

EPSS Score

0.11704%

CWE

CWE-770

Published

8/22/2025

Updated

8/22/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-43752

CVE-2025-43752: Liferay Portal's Unlimited File Upload Could Result in DoS

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the object entries attachment fields, the files are stored in the document_library allowing an attacker to cause a potential DDoS.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-43752

GHSA ID

GHSA-qpp6-f3qj-rggq

EPSS Score

0.11704%

CWE

CWE-770

Published

8/22/2025

Updated

8/22/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	>= 7.4.0-ga1, <= 7.4.3.132-ga132

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Li**r*y Port*l *.*.* t*rou** *.*.*.***, *n* Li**r*y *XP ****.Q*.* t*rou** ****.Q*.*, ****.Q*.* t*rou** ****.Q*.*, ****.Q*.* t*rou** ****.Q*.**, ****.Q*.* t*rou** ****.Q*.**, ****.Q*.* t*rou** ****.Q*.** *n* *.* ** t*rou** up**t* ** *llow us*rs to upl

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-43752: Liferay Portal's Unlimited File Upload Could Result in DoS

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI