Security Listings

Liferay DXP 7.3 Liferay DXP 7.4 Liferay Portal 7.4

7.1

CVE-2025-43772 DoS vulnerability in Kaleo Forms Admin

Description

Kaleo Forms Admin in Liferay Portal and Liferay DXP does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.

Severity

7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Affected Version(s)

Liferay DXP 7.4 GA
Liferay DXP 7.3 GA through update 27
Liferay DXP 7.2
Liferay DXP 7.1
Liferay DXP 7.0
Liferay Kaleo Forms 2.x

Fixed Version(s)

Liferay Portal 7.4.3.5
Liferay DXP 7.4 update 1
Liferay DXP 7.3 update 28

CVE-2025-43772

Publication Date:

Oktober 4, 2024

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn How >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn How >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn How >

Community

Company

Feedback