N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-43799

GHSA ID

GHSA-43xf-59vr-g4f2

EPSS Score

0.35232%

CWE

CWE-1393

Published

9/15/2025

Updated

9/16/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-43799

CVE-2025-43799: Liferay Portal Uses Default Password

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2025-43799

GHSA ID

GHSA-43xf-59vr-g4f2

EPSS Score

0.35232%

CWE

CWE-1393

Published

9/15/2025

Updated

9/16/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	>= 7.4.0, < 7.4.3.112	7.4.3.112

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Li**r*y Port*l *.*.* t*rou** *.*.*.***, *n* ol**r unsupport** v*rsions, *n* Li**r*y *XP ****.Q*.*, ****.Q*.* t*rou** ****.Q*.*, *.* ** t*rou** up**t* ** *n* *.* ** t*rou** up**t* **, *n* ol**r unsupport** v*rsions *o*s not limit ****ss to *PIs ***or*

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

CVE-2025-43799: Liferay Portal Uses Default Password

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI