CVE-2025-43795

EUVD-2025-29075

12.09.2025, 20:15

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect parameter.

Open redirect vulnerability in the Instance Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect parameter.

Open redirect vulnerability in the Site Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect parameter.

Open Redirect

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
liferay	digital_experience_platform	𝑥 < 7.3
liferay	digital_experience_platform	2023.Q3.0 ≤ 𝑥 < 2023.Q3.5
liferay	digital_experience_platform	7.3
liferay	digital_experience_platform	7.3:fix_pack_1
liferay	digital_experience_platform	7.3:fix_pack_2
liferay	digital_experience_platform	7.3:service_pack_1
liferay	digital_experience_platform	7.3:service_pack_2
liferay	digital_experience_platform	7.3:service_pack_3
liferay	digital_experience_platform	7.3:update1
liferay	digital_experience_platform	7.3:update10
liferay	digital_experience_platform	7.3:update11
liferay	digital_experience_platform	7.3:update12
liferay	digital_experience_platform	7.3:update13
liferay	digital_experience_platform	7.3:update14
liferay	digital_experience_platform	7.3:update15
liferay	digital_experience_platform	7.3:update16
liferay	digital_experience_platform	7.3:update17
liferay	digital_experience_platform	7.3:update18
liferay	digital_experience_platform	7.3:update19
liferay	digital_experience_platform	7.3:update2
liferay	digital_experience_platform	7.3:update20
liferay	digital_experience_platform	7.3:update21
liferay	digital_experience_platform	7.3:update22
liferay	digital_experience_platform	7.3:update23
liferay	digital_experience_platform	7.3:update24
liferay	digital_experience_platform	7.3:update25
liferay	digital_experience_platform	7.3:update26
liferay	digital_experience_platform	7.3:update27
liferay	digital_experience_platform	7.3:update28
liferay	digital_experience_platform	7.3:update29
liferay	digital_experience_platform	7.3:update3
liferay	digital_experience_platform	7.3:update30
liferay	digital_experience_platform	7.3:update31
liferay	digital_experience_platform	7.3:update32
liferay	digital_experience_platform	7.3:update33
liferay	digital_experience_platform	7.3:update34
liferay	digital_experience_platform	7.3:update35
liferay	digital_experience_platform	7.3:update4
liferay	digital_experience_platform	7.3:update5
liferay	digital_experience_platform	7.3:update6
liferay	digital_experience_platform	7.3:update7
liferay	digital_experience_platform	7.3:update8
liferay	digital_experience_platform	7.3:update9
liferay	digital_experience_platform	7.4
liferay	digital_experience_platform	7.4:update1
liferay	digital_experience_platform	7.4:update10
liferay	digital_experience_platform	7.4:update11
liferay	digital_experience_platform	7.4:update12
liferay	digital_experience_platform	7.4:update13
liferay	digital_experience_platform	7.4:update14
liferay	digital_experience_platform	7.4:update15
liferay	digital_experience_platform	7.4:update16
liferay	digital_experience_platform	7.4:update17
liferay	digital_experience_platform	7.4:update18
liferay	digital_experience_platform	7.4:update19
liferay	digital_experience_platform	7.4:update2
liferay	digital_experience_platform	7.4:update20
liferay	digital_experience_platform	7.4:update21
liferay	digital_experience_platform	7.4:update22
liferay	digital_experience_platform	7.4:update23
liferay	digital_experience_platform	7.4:update24
liferay	digital_experience_platform	7.4:update25
liferay	digital_experience_platform	7.4:update26
liferay	digital_experience_platform	7.4:update27
liferay	digital_experience_platform	7.4:update28
liferay	digital_experience_platform	7.4:update29
liferay	digital_experience_platform	7.4:update3
liferay	digital_experience_platform	7.4:update30
liferay	digital_experience_platform	7.4:update31
liferay	digital_experience_platform	7.4:update32
liferay	digital_experience_platform	7.4:update33
liferay	digital_experience_platform	7.4:update34
liferay	digital_experience_platform	7.4:update35
liferay	digital_experience_platform	7.4:update36
liferay	digital_experience_platform	7.4:update37
liferay	digital_experience_platform	7.4:update38
liferay	digital_experience_platform	7.4:update39
liferay	digital_experience_platform	7.4:update4
liferay	digital_experience_platform	7.4:update40
liferay	digital_experience_platform	7.4:update41
liferay	digital_experience_platform	7.4:update42
liferay	digital_experience_platform	7.4:update43
liferay	digital_experience_platform	7.4:update44
liferay	digital_experience_platform	7.4:update45
liferay	digital_experience_platform	7.4:update46
liferay	digital_experience_platform	7.4:update47
liferay	digital_experience_platform	7.4:update48
liferay	digital_experience_platform	7.4:update49
liferay	digital_experience_platform	7.4:update5
liferay	digital_experience_platform	7.4:update50
liferay	digital_experience_platform	7.4:update51
liferay	digital_experience_platform	7.4:update52
liferay	digital_experience_platform	7.4:update53
liferay	digital_experience_platform	7.4:update54
liferay	digital_experience_platform	7.4:update55
liferay	digital_experience_platform	7.4:update56
liferay	digital_experience_platform	7.4:update57
liferay	digital_experience_platform	7.4:update58
liferay	digital_experience_platform	7.4:update59
liferay	digital_experience_platform	7.4:update6
liferay	digital_experience_platform	7.4:update60
liferay	digital_experience_platform	7.4:update61
liferay	digital_experience_platform	7.4:update62
liferay	digital_experience_platform	7.4:update63
liferay	digital_experience_platform	7.4:update64
liferay	digital_experience_platform	7.4:update65
liferay	digital_experience_platform	7.4:update66
liferay	digital_experience_platform	7.4:update67
liferay	digital_experience_platform	7.4:update68
liferay	digital_experience_platform	7.4:update69
liferay	digital_experience_platform	7.4:update7
liferay	digital_experience_platform	7.4:update70
liferay	digital_experience_platform	7.4:update71
liferay	digital_experience_platform	7.4:update72
liferay	digital_experience_platform	7.4:update73
liferay	digital_experience_platform	7.4:update74
liferay	digital_experience_platform	7.4:update75
liferay	digital_experience_platform	7.4:update76
liferay	digital_experience_platform	7.4:update77
liferay	digital_experience_platform	7.4:update78
liferay	digital_experience_platform	7.4:update79
liferay	digital_experience_platform	7.4:update8
liferay	digital_experience_platform	7.4:update80
liferay	digital_experience_platform	7.4:update81
liferay	digital_experience_platform	7.4:update82
liferay	digital_experience_platform	7.4:update83
liferay	digital_experience_platform	7.4:update84
liferay	digital_experience_platform	7.4:update85
liferay	digital_experience_platform	7.4:update86
liferay	digital_experience_platform	7.4:update87
liferay	digital_experience_platform	7.4:update88
liferay	digital_experience_platform	7.4:update89
liferay	digital_experience_platform	7.4:update9
liferay	digital_experience_platform	7.4:update90
liferay	digital_experience_platform	7.4:update91
liferay	digital_experience_platform	7.4:update92
liferay	liferay_portal	7.1.0 ≤ 𝑥 < 7.4.3.102

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43795