CVE-2025-43768 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.7 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Liferay	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
liferay	digital_experience_platform	2024.Q1.1 ≤ 𝑥 < 2024.Q1.16
liferay	digital_experience_platform	2024.q2.0 ≤ 𝑥 ≤ 2024.q2.13
liferay	digital_experience_platform	2024.q3.1 ≤ 𝑥 ≤ 2024.q3.13
liferay	digital_experience_platform	7.4:update86
liferay	digital_experience_platform	7.4:update87
liferay	digital_experience_platform	7.4:update88
liferay	digital_experience_platform	7.4:update89
liferay	digital_experience_platform	7.4:update90
liferay	digital_experience_platform	7.4:update91
liferay	digital_experience_platform	7.4:update92
liferay	liferay_portal	7.4.0 ≤ 𝑥 < 7.4.3.132

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43768