EUVD-2025-28008

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Unauthenticated users can upload files via form attachment field, bypassing MIME checks.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-43750	20 Aug 202514:32	–	circl
CNNVD	Liferay Portal和Liferay DXP 代码问题漏洞	20 Aug 202500:00	–	cnnvd
CVE	CVE-2025-43750	20 Aug 202512:12	–	cve
Cvelist	CVE-2025-43750	20 Aug 202512:12	–	cvelist
Github Security Blog	Liferay Portal Unvalidated File Upload	20 Aug 202515:31	–	github
NVD	CVE-2025-43750	20 Aug 202513:15	–	nvd
OSV	CVE-2025-43750	20 Aug 202513:15	–	osv
OSV	GHSA-56QJ-WP5R-MVHJ Liferay Portal Unvalidated File Upload	20 Aug 202515:31	–	osv
Positive Technologies	PT-2025-34041	20 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-43750	22 Aug 202512:26	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "8204e8d1-b100-375d-a073-5e215c4bd493",
        "vendor": {
          "name": "Liferay"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00c2fbc6-1334-3bc3-9edb-8f49603191f7",
        "product": {
          "name": "Portal"
        },
        "product_version": "7.4.0 ≤7.4.3.132"
      },
      {
        "id": "1ac3ea70-eb14-3abf-917f-f30a7956a7e2",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q2.0 ≤2023.Q2.13"
      },
      {
        "id": "265cbef2-6ed4-384e-8af1-419d5eb3f80a",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q4.0 ≤2024.Q4.7"
      },
      {
        "id": "59513daf-165c-324c-b532-f638dba94a38",
        "product": {
          "name": "DXP"
        },
        "product_version": "2025.Q1.0 ≤2025.Q1.1"
      },
      {
        "id": "a26ec351-125d-37f0-9b55-d2712f1a7786",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q1.1 ≤2024.Q1.19"
      },
      {
        "id": "da687731-c3ee-3145-a744-9312f9e15494",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q3.1 ≤2024.Q3.13"
      },
      {
        "id": "e97dc25c-95e9-3f9b-b186-47a3381e1183",
        "product": {
          "name": "DXP"
        },
        "product_version": "2024.Q1.1 ≤2024.Q1.14"
      },
      {
        "id": "ec026dc3-a0a7-347f-8e1d-5ff6de99e12d",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.4.13 ≤7.4.13-u92"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43750
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-43750
github	www.github.com/liferay/liferay-portal/commit/7f58439723c8373e038d5060d0bc58ff2475bdc5
github	www.github.com/liferay/liferay-portal/commit/b9e57377cb88bad1775beab50558cc2bd5a9758e
liferay	www.liferay.atlassian.net/browse/LPE-18190

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 45.1

EPSS0.00103

SSVC