CVE-2025-43773

🗓️ 29 Aug 2025 18:59:52Reported by LiferayType

CVE-2025-43773 allows improper access via expandoTableLocalService in certain Liferay versions.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2025-43773	29 Aug 202523:04	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	29 Aug 202500:00	–	cnnvd
CVE	CVE-2025-43773	29 Aug 202518:59	–	cve
EUVD	EUVD-2025-26235	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal allows improper access through the expandoTableLocalService	29 Aug 202521:32	–	github
Tenable Nessus	Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities	7 Aug 202500:00	–	nessus
NVD	CVE-2025-43773	29 Aug 202519:15	–	nvd
OSV	CVE-2025-43773	29 Aug 202519:15	–	osv
OSV	GHSA-876G-49R6-33QJ Liferay Portal allows improper access through the expandoTableLocalService	29 Aug 202521:32	–	osv
Positive Technologies	PT-2025-35303	29 Aug 202500:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.132",
        "status": "affected",
        "version": "7.4.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13-u92",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q1.18",
        "status": "affected",
        "version": "2024.Q1.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q2.13",
        "status": "affected",
        "version": "2024.Q2.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q3.13",
        "status": "affected",
        "version": "2024.Q3.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2024.Q4.7",
        "status": "affected",
        "version": "2024.Q4.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "2025.Q1.14",
        "status": "affected",
        "version": "2025.Q1.0",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "2025.Q2.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43773

29 Aug 2025 19:14Current

CVSS 44.6

EPSS0.00072

CWE-862