CVE-2025-43773

🗓️ 29 Aug 2025 18:59:52Reported by LiferayType

CVE-2025-43773 allows improper access through expandoTableLocalService in Liferay Portal and DXP.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2025-43773	29 Aug 202523:04	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	29 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-43773	29 Aug 202518:59	–	cvelist
EUVD	EUVD-2025-26235	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal allows improper access through the expandoTableLocalService	29 Aug 202521:32	–	github
Tenable Nessus	Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities	7 Aug 202500:00	–	nessus
NVD	CVE-2025-43773	29 Aug 202519:15	–	nvd
OSV	CVE-2025-43773	29 Aug 202519:15	–	osv
OSV	GHSA-876G-49R6-33QJ Liferay Portal allows improper access through the expandoTableLocalService	29 Aug 202521:32	–	osv
Positive Technologies	PT-2025-35303	29 Aug 202500:00	–	ptsecurity

NVD

Vulners

Node

liferay digital_experience_platformRange2024.Q1.1–2024.Q1.19

liferay digital_experience_platformRange2024.q2.0–2024.q2.13

liferay digital_experience_platformRange2024.Q3.0–2024.Q3.13

liferay digital_experience_platformRange2024.q4.0–2024.q4.7

liferay digital_experience_platformRange2025.Q1.0–2025.Q1.15

liferay digital_experience_platformMatch7.4

liferay digital_experience_platformMatch2025.q2.0

liferay liferay_portalRange7.4.0–7.4.3.132

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.132",
        "status": "affected",
        "version": "7.4.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13-u92",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q1.18",
        "status": "affected",
        "version": "2024.Q1.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q2.13",
        "status": "affected",
        "version": "2024.Q2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q3.13",
        "status": "affected",
        "version": "2024.Q3.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q4.7",
        "status": "affected",
        "version": "2024.Q4.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2025.Q1.14",
        "status": "affected",
        "version": "2025.Q1.0",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "2025.Q2.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

16 Dec 2025 14:56Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.19.1

CVSS 44.6

EPSS0.00072

SSVC

CWE-862