CVE-2025-43773

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.

Published: Aug 29, 2025
Updated: Aug 30, 2025
CVE: CVE-2025-43773
GHSA: GHSA-876g-49r6-33qj
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
com.liferay / com.liferay.portal.workflow.kaleo.runtime.impl	-	6.0.93

https://github.com/liferay/liferay-portal/commit/1cbc4b615c270ce986b7fa1835ed196a11ac3234
https://github.com/liferay/liferay-portal/commit/58849cc83348af289944c874301e16e039ae4270
https://github.com/liferay/liferay-portal/commit/8eacaaa1e3552648a3e4a0975731641087d186af
https://github.com/liferay/liferay-portal/commit/9f56b195aec5c1c904242206d61f3fe412701941
https://github.com/liferay/liferay-portal/commit/f33cda648a9082567d7de06c27ba9d3583ee8ff5
https://liferay.atlassian.net/browse/LPE-18262
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

Vulnerability Database

CVE-2025-43773