CVE-2025-43772 DoS vulnerability in Kaleo Forms Admin

Description

Kaleo Forms Admin in Liferay Portal and Liferay DXP does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.

Severity

7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Affected Version(s)

Liferay DXP 7.4 GA
Liferay DXP 7.3 GA through update 27
Liferay DXP 7.2
Liferay DXP 7.1
Liferay DXP 7.0
Liferay Kaleo Forms 2.x

Fixed Version(s)

Liferay Portal 7.4.3.5
Liferay DXP 7.4 update 1
Liferay DXP 7.3 update 28

Publication date: Fri, 04 Oct 2024 14:17:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.

Community

Company

Feedback

Known Vulnerabilities

Releases

Description

Severity

Affected Version(s)

Fixed Version(s)