EUVD-2025-24251

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

DoS via file upload in Liferay Portal and DXP; oversized profile pictures slow service.

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2025-43736	12 Aug 202512:09	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	12 Aug 202500:00	–	cnnvd
CVE	CVE-2025-43736	12 Aug 202511:01	–	cve
Cvelist	CVE-2025-43736	12 Aug 202511:01	–	cvelist
Github Security Blog	Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability	12 Aug 202512:30	–	github
NVD	CVE-2025-43736	12 Aug 202511:15	–	nvd
OSV	CVE-2025-43736	12 Aug 202511:15	–	osv
OSV	GHSA-CG99-M88X-422C Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability	12 Aug 202512:30	–	osv
Positive Technologies	PT-2025-32666 · Liferay · Liferay Portal +1	12 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-43736	14 Aug 202511:29	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "f99615f8-2b0c-3610-8c10-eb018b49f6ec",
        "vendor": {
          "name": "Liferay"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00942d7e-45af-3633-b715-c540bc492cb7",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q4.0 ≤2024.Q4.7"
      },
      {
        "id": "0a1d6b7c-978d-3d53-b610-862b94ae7f85",
        "product": {
          "name": "DXP"
        },
        "product_version": "2025.Q1.0 ≤2025.Q1.8"
      },
      {
        "id": "20f53e22-dc20-385b-93a8-fa24c3458d79",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q3.1 ≤2024.Q3.13"
      },
      {
        "id": "434bf764-d47b-317f-bd8c-a46aa7b90f37",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.4.13 ≤7.4.13-u92"
      },
      {
        "id": "51af713c-62a7-3031-b735-0489a64fb419",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024Q2.0 ≤2023.Q2.13"
      },
      {
        "id": "95f1f133-8abe-3598-b080-b4730231d9fa",
        "product": {
          "name": "Portal"
        },
        "product_version": "7.4.3.0 ≤7.4.3.132"
      },
      {
        "id": "9ac2ac43-f24f-3ff9-bff0-c468e3a83e33",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q1.1 ≤2024.Q1.16"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-43736
github	www.github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d
liferay	www.liferay.atlassian.net/browse/LPE-18220

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 46.9

EPSS0.00668

SSVC