CVE-2025-43798
EUVD-2025-2925715.09.2025, 21:15
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| liferay | digital_experience_platform | 2023.q3.1 ≤ 𝑥 < 2023.q3.5 |
| liferay | digital_experience_platform | 7.3 |
| liferay | digital_experience_platform | 7.3:fix_pack_1 |
| liferay | digital_experience_platform | 7.3:fix_pack_2 |
| liferay | digital_experience_platform | 7.3:service_pack_1 |
| liferay | digital_experience_platform | 7.3:service_pack_2 |
| liferay | digital_experience_platform | 7.3:service_pack_3 |
| liferay | digital_experience_platform | 7.3:update1 |
| liferay | digital_experience_platform | 7.3:update10 |
| liferay | digital_experience_platform | 7.3:update11 |
| liferay | digital_experience_platform | 7.3:update12 |
| liferay | digital_experience_platform | 7.3:update13 |
| liferay | digital_experience_platform | 7.3:update14 |
| liferay | digital_experience_platform | 7.3:update15 |
| liferay | digital_experience_platform | 7.3:update16 |
| liferay | digital_experience_platform | 7.3:update17 |
| liferay | digital_experience_platform | 7.3:update18 |
| liferay | digital_experience_platform | 7.3:update19 |
| liferay | digital_experience_platform | 7.3:update2 |
| liferay | digital_experience_platform | 7.3:update20 |
| liferay | digital_experience_platform | 7.3:update21 |
| liferay | digital_experience_platform | 7.3:update22 |
| liferay | digital_experience_platform | 7.3:update23 |
| liferay | digital_experience_platform | 7.3:update24 |
| liferay | digital_experience_platform | 7.3:update25 |
| liferay | digital_experience_platform | 7.3:update26 |
| liferay | digital_experience_platform | 7.3:update27 |
| liferay | digital_experience_platform | 7.3:update28 |
| liferay | digital_experience_platform | 7.3:update29 |
| liferay | digital_experience_platform | 7.3:update3 |
| liferay | digital_experience_platform | 7.3:update30 |
| liferay | digital_experience_platform | 7.3:update31 |
| liferay | digital_experience_platform | 7.3:update32 |
| liferay | digital_experience_platform | 7.3:update33 |
| liferay | digital_experience_platform | 7.3:update34 |
| liferay | digital_experience_platform | 7.3:update35 |
| liferay | digital_experience_platform | 7.3:update4 |
| liferay | digital_experience_platform | 7.3:update5 |
| liferay | digital_experience_platform | 7.3:update6 |
| liferay | digital_experience_platform | 7.3:update7 |
| liferay | digital_experience_platform | 7.3:update8 |
| liferay | digital_experience_platform | 7.3:update9 |
| liferay | digital_experience_platform | 7.4 |
| liferay | digital_experience_platform | 2023.q4.0:q4.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration