Liferay Security AdvisoriesLiferay Security Advisorieshttps://liferay.dev/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/rss2026-04-17T17:29:42Z2026-04-17T17:29:42ZCVE-2025-62267 Stored XSS in web content template's select structure pageAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62267?p_r_p_assetEntryId=124566485&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62267&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124566485%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-31T18:17:30Z2025-10-31T18:17:00ZAlex Candido2025-10-31T18:17:00ZCVE-2025-62264 Reflected XSS with `selectedLanguageId` in Languauge OverrideAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62264?p_r_p_assetEntryId=124566240&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62264&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124566240%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-31T17:33:57Z2025-10-31T17:33:00ZAlex Candido2025-10-31T17:33:00ZCVE-2025-62275 Blogs images are visible to unauthenticated usersAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62275-1?p_r_p_assetEntryId=124569821&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62275-1&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124569821%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-11-01T02:47:01Z2025-10-31T14:44:00ZAlex Candido2025-10-31T14:44:00ZCVE-2025-62276 Private Cache-Control header for DM and AM file downloadAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62276?p_r_p_assetEntryId=124568859&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62276&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124568859%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-31T23:38:18Z2025-10-31T11:38:00ZAlex Candido2025-10-31T11:38:00ZCVE-2025-62266 Insecure default for the property `redirect.url.security.mode`Alex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62266?p_r_p_assetEntryId=124555987&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62266&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124555987%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-30T17:38:24Z2025-10-30T17:38:00ZAlex Candido2025-10-30T17:38:00ZCVE-2025-62257 Lockout mechanism doesn't prevent password enumeration brute force attacksAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62257?p_r_p_assetEntryId=124547322&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62257&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124547322%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-29T23:25:31Z2025-10-29T11:25:00ZAlex Candido2025-10-29T11:25:00ZCVE-2025-62258 CSRF vulnerability with headless APIAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62258?p_r_p_assetEntryId=124526129&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62258&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124526129%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-27T22:58:02Z2025-10-27T10:44:00ZAlex Candido2025-10-27T10:44:00ZCVE-2025-62260 Headless API does not limit page sizeAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62260?p_r_p_assetEntryId=124525549&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62260&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124525549%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-27T21:40:42Z2025-10-27T09:40:00ZAlex Candido2025-10-27T09:40:00ZCVE-2025-62261 Cleartext storage of password reset ticketsAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62261?p_r_p_assetEntryId=124525242&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62261&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124525242%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-27T21:09:00Z2025-10-27T09:09:00ZAlex Candido2025-10-27T09:09:00ZCVE-2025-62262 Email address in LDAP import logsAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62262?p_r_p_assetEntryId=124524929&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62262&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124524929%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-27T20:35:05Z2025-10-27T08:35:00ZAlex Candido2025-10-27T08:35:00ZCVE-2025-62263 Stored XSS with account role and organization nameAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62263?p_r_p_assetEntryId=124524310&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62263&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124524310%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-27T19:31:43Z2025-10-27T07:31:00ZAlex Candido2025-10-27T07:31:00ZCVE-2025-62255 Self-XSS with attachment file names in Knowledge BaseAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62255?p_r_p_assetEntryId=124472916&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62255&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124472916%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-23T22:09:57Z2025-10-23T18:43:00ZAlex Candido2025-10-23T18:43:00ZCVE-2025-62256 OpenAPI authentication bypassAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62256?p_r_p_assetEntryId=124470237&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62256&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124470237%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-23T22:22:56Z2025-10-23T13:32:00ZAlex Candido2025-10-23T13:32:00ZCVE-2025-62254 Very large ComboServlet responsesAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-62254?p_r_p_assetEntryId=124474718&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-62254&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124474718%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-23T22:22:44Z2025-10-23T10:11:00ZAlex Candido2025-10-23T10:11:00ZCVE-2025-43825 Sensible user data available to freemarker templateAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43825?p_r_p_assetEntryId=124203962&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43825&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124203962%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-10-03T21:12:50Z2025-10-03T09:08:00ZAlex Candido2025-10-03T09:08:00ZCVE-2025-43816 Memory leak when consuming the headless API for StructuredContentsAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43816?p_r_p_assetEntryId=124064120&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43816&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124064120%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-09-25T20:04:12Z2025-09-25T08:04:00ZAlex Candido2025-09-25T08:04:00ZCVE-2025-43819 User session is not killed by SLO APIAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43819?p_r_p_assetEntryId=124045658&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43819&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124045658%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-09-24T01:32:16Z2025-09-23T13:32:00ZAlex Candido2025-09-23T13:32:00ZCVE-2025-43814 Password reminder answers recorded in audit eventsAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43814?p_r_p_assetEntryId=124023142&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43814&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124023142%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-09-22T22:57:13Z2025-09-22T10:57:00ZAlex Candido2025-09-22T10:57:00ZCVE-2025-43806 Unauthorized access to exported data from batch engineAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43806?p_r_p_assetEntryId=124020233&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43806&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D124020233%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-09-22T21:36:22Z2025-09-22T09:36:00ZAlex Candido2025-09-22T09:36:00ZCVE-2025-43809 CSRF vulnerability with server (license) registrationAlex Candidohttps://liferay.dev:443/zh/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43809?p_r_p_assetEntryId=123953324&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_type=content&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_urlTitle=cve-2025-43809&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fzh%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D123953324%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse2025-09-19T19:23:41Z2025-09-19T07:23:00ZAlex Candido2025-09-19T07:23:00Z