CVE-2025-43790 · HIGH 8.1 · EPSS p22.2%

Description

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users from one virtual instance to access, create, edit, or relate data/object entries/definitions to an object in a different virtual instance.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.31% probability of exploitation · percentile 22.2% · 2026-06-19T12:03:05Z
Published: 2025-09-11
Last modified: 2025-12-16

Underlying weaknesses · 1

CWE-639

References

  1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43790

Type | Target | Confidence | Tier
Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-43773
CVE-2025-43766
CVE-2025-4581
CVE-2025-3594
CVE-2025-43813
CVE-2025-52389
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.