CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions

Description

Insufficient CSRF protection for omni-administrator users in Liferay Portal and Liferay DXP allows attackers to perform Cross-Site Request Forgery (CSRF) attacks.

Severity

7.1 (CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Affected Version(s)

  • Liferay Portal 7.0.0 through 7.4.3.119
  • Liferay DXP 2024.Q1.1 through 2024.Q1.6
  • Liferay DXP 2023.Q4
  • Liferay DXP 2023.Q3
  • Liferay DXP 7.4
  • Liferay DXP 7.3
  • Liferay DXP 7.2
  • Liferay DXP 7.1
  • Liferay DXP 7.0
  • Liferay Portal 6.2 EE

Fixed Version(s)

Publication date: Tue, 01 Oct 2024 20:06:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have only been listed here since 2023. Historical advisories are available in the Help Center.
