
CVE-2025-43790: Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass

CVSS Score: N/A

Basic Information

EPSS Score: 0.33983%
Published: 9/11/2025
Updated: 9/12/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

Package Name                             | Ecosystem | Vulnerable Versions | First Patched Version
com.liferay:com.liferay.object.service   | maven     | < 1.0.197           | 1.0.197

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability is an Insecure Direct Object Reference (IDOR) in Liferay Portal's Objects framework: an authenticated user can read and modify object entries that belong to a different virtual instance. The root cause is a missing authorization check when a relationship object field is resolved.

The fixing commit 66b9a7dc4d40a10dec03e169ca8735add81e9bd9 identifies the vulnerable function directly. The patch modifies RelationshipObjectFieldBusinessType.java, specifically the getValue method.

Before the fix, getValue looked up an ObjectEntry by the user-supplied ID without checking which ObjectDefinition the entry belongs to. Because object entry IDs are not scoped to a virtual instance, a user in one instance could submit the ID of an entry from another instance and have it resolved and linked through the relationship field, crossing the instance boundary. The patch adds the missing validation: it compares the objectDefinitionId of the fetched entry with the objectDefinitionId expected in the current context and throws an ObjectEntryValuesException on mismatch, so the cross-instance reference is rejected before any data is read or written.
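The following is a simplified model of the missing check and of the patched behaviour, written for this page as an added example; it is not Liferay's code and not the contents of the commit. The ObjectEntry record, the in-memory lookup, the ObjectEntryValuesException stand-in and the relatedObjectDefinitionId parameter (standing in for the "objectDefinitionId of the current context") are all assumed shapes chosen so the example compiles and runs on its own.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Illustrative model of the IDOR in RelationshipObjectFieldBusinessType.getValue
 * and of the fix. Not Liferay's code: every type below is a minimal stand-in.
 */
public class RelationshipFieldIdorExample {

    /** Assumed stand-in for ObjectEntry: entry ID, owning definition, owning virtual instance (companyId). */
    record ObjectEntry(long objectEntryId, long objectDefinitionId, long companyId) {}

    /** Assumed stand-in for Liferay's ObjectEntryValuesException. */
    static class ObjectEntryValuesException extends Exception {
        ObjectEntryValuesException(String message) { super(message); }
    }

    /** Constructed in-memory store standing in for the entry lookup service. Entry IDs are global, not per instance. */
    static final Map<Long, ObjectEntry> ENTRIES = new HashMap<>();
    static {
        // Instance A (companyId 1) owns definition 100; instance B (companyId 2) owns definition 200.
        ENTRIES.put(1001L, new ObjectEntry(1001L, 100L, 1L));
        ENTRIES.put(2001L, new ObjectEntry(2001L, 200L, 2L));
    }

    static ObjectEntry fetchObjectEntry(long objectEntryId) throws ObjectEntryValuesException {
        ObjectEntry entry = ENTRIES.get(objectEntryId);
        if (entry == null) {
            throw new ObjectEntryValuesException("no such object entry " + objectEntryId);
        }
        return entry;
    }

    /** VULNERABLE: resolves whatever ID the caller supplied, regardless of which definition
     *  (and therefore which virtual instance) the entry belongs to. */
    static ObjectEntry getValueVulnerable(long relatedObjectDefinitionId, long userSuppliedId)
            throws ObjectEntryValuesException {
        return fetchObjectEntry(userSuppliedId);
    }

    /** FIXED: the fetched entry must belong to the object definition the relationship field targets. */
    static ObjectEntry getValueFixed(long relatedObjectDefinitionId, long userSuppliedId)
            throws ObjectEntryValuesException {
        ObjectEntry entry = fetchObjectEntry(userSuppliedId);
        if (entry.objectDefinitionId() != relatedObjectDefinitionId) {
            throw new ObjectEntryValuesException(
                "object entry " + userSuppliedId + " belongs to definition "
                + entry.objectDefinitionId() + ", expected " + relatedObjectDefinitionId);
        }
        return entry;
    }

    public static void main(String[] args) throws Exception {
        long fieldDefinitionId = 100L; // relationship field in instance A targets definition 100
        long foreignEntryId = 2001L;   // attacker in instance A submits an ID that lives in instance B

        ObjectEntry leaked = getValueVulnerable(fieldDefinitionId, foreignEntryId);
        System.out.println("vulnerable: resolved entry owned by companyId=" + leaked.companyId());

        try {
            getValueFixed(fieldDefinitionId, foreignEntryId);
        } catch (ObjectEntryValuesException ex) {
            System.out.println("fixed: rejected -> " + ex.getMessage());
        }

        // A legitimate in-instance reference still resolves after the fix.
        System.out.println("fixed: accepted entry "
            + getValueFixed(fieldDefinitionId, 1001L).objectEntryId());
    }
}
```

The check is deliberately placed on the fetched entry rather than on the caller's instance: the field already knows which definition it may point at, so comparing objectDefinitionId values closes the cross-instance path without needing a separate permission lookup.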

The vulnerable function is therefore com.liferay.object.internal.field.business.type.RelationshipObjectFieldBusinessType.getValue. It is the code path that processes a request carrying the ID of an object entry from another virtual instance, so a runtime profiler would show this function being called during exploitation.
