
CVE-2025-43768: Liferay Portal JSONWS API endpoint shares sensitive information

CVSS Score
N/A

Basic Information

EPSS Score
0.08125%
Published
8/23/2025
Updated
8/25/2025
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
-
Package Name                                 Ecosystem   Vulnerable Versions   First Patched Version
com.liferay.portal:com.liferay.portal.impl   maven       < 108.1.1             108.1.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

Commit efdbdbce73605ecd13b1a5e60f5186cc59f09c16 locates the vulnerability in the getRoleUserIds method of the UserServiceImpl class. The advisory states that authenticated users without sufficient permissions could read sensitive information about admin users through the JSONWS APIs. The patch tightens the permission check on that method from the lenient ActionKeys.VIEW to the much stricter ActionKeys.ASSIGN_MEMBERS, which confirms getRoleUserIds as the entry point. Before the fix, an authenticated caller holding only VIEW on a role could invoke getRoleUserIds over JSONWS with the ID of an administrator role and receive the IDs of every user in that role, revealing which accounts hold administrative privileges. That is the sensitive information disclosure, and the identified method is the exact location of the code that was fixed.
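To make the before/after permission gate concrete, the following is an added example written for this page; it is not Liferay's code and not part of the Miggo analysis. It models in plain Java how a VIEW-gated getRoleUserIds leaks a role's membership to a low-privileged caller and how the ASSIGN_MEMBERS gate stops it. ActionKeys, PermissionChecker, PrincipalException and RoleUserService are simplified stand-ins with assumed names, and the role ID and user IDs are constructed sample data.

```java
import java.util.*;

/**
 * Illustrative model of the permission-check change on getRoleUserIds.
 * Not Liferay code: every class below is a simplified stand-in with an assumed
 * name, and the memberships in main() are constructed sample data.
 */
public class RoleUserIdsCheckDemo {

    /** Stand-in for the two action keys named in the root cause analysis. */
    static final class ActionKeys {
        static final String VIEW = "VIEW";
        static final String ASSIGN_MEMBERS = "ASSIGN_MEMBERS";
        private ActionKeys() {}
    }

    /** Raised when the caller lacks the required permission (assumed name). */
    static final class PrincipalException extends Exception {
        PrincipalException(String message) { super(message); }
    }

    /** Minimal permission checker: explicit (roleId, action) grants for one caller. */
    static final class PermissionChecker {
        private final Map<Long, Set<String>> grants = new HashMap<>();

        PermissionChecker grant(long roleId, String action) {
            grants.computeIfAbsent(roleId, k -> new HashSet<>()).add(action);
            return this;
        }

        boolean hasPermission(long roleId, String action) {
            return grants.getOrDefault(roleId, Collections.emptySet()).contains(action);
        }
    }

    /** Role membership store standing in for the service layer behind JSONWS. */
    static final class RoleUserService {
        private final Map<Long, List<Long>> membersByRole = new HashMap<>();

        void addMember(long roleId, long userId) {
            membersByRole.computeIfAbsent(roleId, k -> new ArrayList<>()).add(userId);
        }

        private void check(PermissionChecker checker, long roleId, String action)
                throws PrincipalException {
            if (!checker.hasPermission(roleId, action)) {
                throw new PrincipalException("missing " + action + " on role " + roleId);
            }
        }

        /** Before the fix: VIEW on the role is enough to enumerate its members. */
        List<Long> getRoleUserIdsBeforeFix(PermissionChecker checker, long roleId)
                throws PrincipalException {
            check(checker, roleId, ActionKeys.VIEW);
            return Collections.unmodifiableList(
                    membersByRole.getOrDefault(roleId, Collections.emptyList()));
        }

        /** After the fix: the caller must be allowed to manage the role's members. */
        List<Long> getRoleUserIdsAfterFix(PermissionChecker checker, long roleId)
                throws PrincipalException {
            check(checker, roleId, ActionKeys.ASSIGN_MEMBERS);
            return Collections.unmodifiableList(
                    membersByRole.getOrDefault(roleId, Collections.emptyList()));
        }
    }

    public static void main(String[] args) {
        final long adminRoleId = 100L;           // constructed sample role ID
        RoleUserService service = new RoleUserService();
        service.addMember(adminRoleId, 20101L);  // constructed admin user IDs
        service.addMember(adminRoleId, 20157L);

        // Low-privileged authenticated caller: may view the administrator role,
        // but may not assign members to it.
        PermissionChecker lowPriv = new PermissionChecker().grant(adminRoleId, ActionKeys.VIEW);

        try {
            List<Long> leaked = service.getRoleUserIdsBeforeFix(lowPriv, adminRoleId);
            System.out.println("before fix, VIEW-only caller obtains admin user IDs: " + leaked);
        } catch (PrincipalException e) {
            System.out.println("before fix (unexpected): " + e.getMessage());
        }

        try {
            service.getRoleUserIdsAfterFix(lowPriv, adminRoleId);
            System.out.println("after fix (unexpected): call succeeded");
        } catch (PrincipalException e) {
            System.out.println("after fix, VIEW-only caller is rejected: " + e.getMessage());
        }

        // A caller that may manage the role's membership still receives the list.
        PermissionChecker roleManager =
                new PermissionChecker().grant(adminRoleId, ActionKeys.ASSIGN_MEMBERS);
        try {
            System.out.println("after fix, ASSIGN_MEMBERS caller obtains: "
                    + service.getRoleUserIdsAfterFix(roleManager, adminRoleId));
        } catch (PrincipalException e) {
            System.out.println("after fix (unexpected): " + e.getMessage());
        }
    }
}
```

Compile with javac and run: the VIEW-only caller receives both administrator user IDs from the pre-fix method and a PrincipalException from the fixed one, while a caller holding ASSIGN_MEMBERS is still served. To confirm a deployment carries the real fix, check that the com.liferay.portal.impl artifact is at 108.1.1 or later, the first patched version listed in the table above.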


WAF Protection Rules

WAF Rule

Liferay Portal *.*.* through *.*.*.***, and Liferay DXP ****.Q*.* through ****.Q*.*, ****.Q*.* through ****.Q*.**, ****.Q*.* through ****.Q*.**, ****.Q*.* through ****.Q*.** and *.* ** through update ** allows authenticated users without any permissi
