CVE-2025-43767

Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through update 92 allows an attacker to exploit this security vulnerability to redirect users to a malicious site.

Published: Aug 23, 2025
Updated: Aug 26, 2025
CVE: CVE-2025-43767
GHSA: GHSA-6hj4-v2qp-cqr2
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
com.liferay / com.liferay.info.impl	-	5.0.69

https://github.com/liferay/liferay-portal/commit/04d6892c12f8c3d12085124b6cb856dfacb9bb89
https://liferay.atlassian.net/browse/LPE-18139
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

Vulnerability Database

CVE-2025-43767