Vulnerability Database
296,748
Total vulnerabilities in the database
CVE-2025-43772
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.
| Software | From | Fixed in |
|---|---|---|
com.liferay / com.liferay.portal.workflow.kaleo.forms.web
|
- | 5.0.29 |
- https://github.com/liferay/liferay-portal/commit/566ba7b48d6e8c62e5da71c34bb56b87183bf503
- https://github.com/liferay/liferay-portal/commit/5d62db9d01005fc148297dad37f84660cd8b4a2b
- https://liferay.atlassian.net/browse/LPE-17456
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43772
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime