Miggo Logo

CVE-2025-43808: Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource

N/A

CVSS Score

Basic Information

EPSS Score
-
Published
9/19/2025
Updated
9/19/2025
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.liferay.commerce:com.liferay.commerce.product.type.virtual.servicemaven< 4.0.474.0.47

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

T** *omm*r** *ompon*nt in Li**r*y Port*l *.*.* t*rou** *.*.*.***, *n* Li**r*y *XP ****.Q*.* t*rou** ****.Q*.*, ****.Q*.* t*rou** ****.Q*.**, *.* ** t*rou** up**t* **, *n* *.* s*rvi** p**k * t*rou** up**t* ** s*v*s virtu*l pro*u*ts uplo**** to *o*um*n

Reasoning

No *n*lysis *v*il**l*
CVE-2025-43808: Liferay Commerce Access Bypass | Miggo