Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

Published: Sep 15, 2025
Updated: Dec 20, 2025
CVE: CVE-2025-43798
GHSA: GHSA-4p5r-3jmm-652q
Severity: Low
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-304

Affected Software
References

Software	From	Fixed in
com.liferay / com.liferay.multi.factor.authentication.timebased.otp.web	-	2.0.25
liferay / digital_experience_platform	2023.q3.1	2023.q3.5
liferay / digital_experience_platform	7.3	7.3.x
liferay / digital_experience_platform	7.3-fix_pack_1	7.3-fix_pack_1.x
liferay / digital_experience_platform	7.3-fix_pack_2	7.3-fix_pack_2.x
liferay / digital_experience_platform	7.3-service_pack_1	7.3-service_pack_1.x
liferay / digital_experience_platform	7.3-service_pack_2	7.3-service_pack_2.x
liferay / digital_experience_platform	7.3-service_pack_3	7.3-service_pack_3.x
liferay / digital_experience_platform	7.3-update1	7.3-update1.x
liferay / digital_experience_platform	7.3-update10	7.3-update10.x
liferay / digital_experience_platform	7.3-update11	7.3-update11.x
liferay / digital_experience_platform	7.3-update12	7.3-update12.x
liferay / digital_experience_platform	7.3-update13	7.3-update13.x
liferay / digital_experience_platform	7.3-update14	7.3-update14.x
liferay / digital_experience_platform	7.3-update15	7.3-update15.x
liferay / digital_experience_platform	7.3-update16	7.3-update16.x
liferay / digital_experience_platform	7.3-update17	7.3-update17.x
liferay / digital_experience_platform	7.3-update18	7.3-update18.x
liferay / digital_experience_platform	7.3-update19	7.3-update19.x
liferay / digital_experience_platform	7.3-update2	7.3-update2.x
liferay / digital_experience_platform	7.3-update20	7.3-update20.x
liferay / digital_experience_platform	7.3-update21	7.3-update21.x
liferay / digital_experience_platform	7.3-update22	7.3-update22.x
liferay / digital_experience_platform	7.3-update23	7.3-update23.x
liferay / digital_experience_platform	7.3-update24	7.3-update24.x
liferay / digital_experience_platform	7.3-update25	7.3-update25.x
liferay / digital_experience_platform	7.3-update26	7.3-update26.x
liferay / digital_experience_platform	7.3-update27	7.3-update27.x
liferay / digital_experience_platform	7.3-update28	7.3-update28.x
liferay / digital_experience_platform	7.3-update29	7.3-update29.x
liferay / digital_experience_platform	7.3-update3	7.3-update3.x
liferay / digital_experience_platform	7.3-update30	7.3-update30.x
liferay / digital_experience_platform	7.3-update31	7.3-update31.x
liferay / digital_experience_platform	7.3-update32	7.3-update32.x
liferay / digital_experience_platform	7.3-update33	7.3-update33.x
liferay / digital_experience_platform	7.3-update34	7.3-update34.x
liferay / digital_experience_platform	7.3-update35	7.3-update35.x
liferay / digital_experience_platform	7.3-update4	7.3-update4.x
liferay / digital_experience_platform	7.3-update5	7.3-update5.x
liferay / digital_experience_platform	7.3-update6	7.3-update6.x
liferay / digital_experience_platform	7.3-update7	7.3-update7.x
liferay / digital_experience_platform	7.3-update8	7.3-update8.x
liferay / digital_experience_platform	7.3-update9	7.3-update9.x
liferay / digital_experience_platform	7.4	7.4.x
liferay / digital_experience_platform	2023.q4.0	2023.q4.0.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo