Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

GHSA-F3HF-R62C-MFRJ Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack

🗓️ 12 Sep 2025 21:32:14Reported by GoogleType 
osv
 osv🔗 osv.dev👁 2 Views

Liferay GraphQL endpoint lacks rate limiting, enabling remote denial-of-service via large object queries in affected versions.

Related
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2025-43796
12 Sep 202523:01
circl
CNNVD		Liferay Portal和Liferay DXP 资源管理错误漏洞
12 Sep 202500:00
cnnvd
CVE		CVE-2025-43796
12 Sep 202519:12
cve
Cvelist		CVE-2025-43796
12 Sep 202519:12
cvelist
EUVD		EUVD-2025-29072
3 Oct 202520:07
euvd
Github Security Blog		Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack
12 Sep 202521:32
github
NVD		CVE-2025-43796
12 Sep 202520:15
nvd
OSV		CVE-2025-43796
12 Sep 202520:15
osv
Positive Technologies		PT-2025-37343
12 Sep 202500:00
ptsecurity
RedhatCVE		CVE-2025-43796
14 Sep 202519:20
redhatcve
Rows per page
SourceLink
nvdwww.nvd.nist.gov/vuln/detail/CVE-2025-43796
githubwww.github.com/liferay/liferay-portal/commit/2e4adf041e31f3474a14c29b7c135693f6529400
githubwww.github.com/liferay/liferay-portal/commit/2f74f23982fb03238f9b4ae145c33a9c1084f07e
githubwww.github.com/liferay/liferay-portal/commit/3780804b0d8f4f14bfca470a3e2e662bc6cef588
githubwww.github.com/liferay/liferay-portal/commit/8344aec3bebcd2ca409794523d5db5be6047c3dd
githubwww.github.com/liferay/liferay-portal/commit/83e77963499d4d3e7cc82cc48e63c992f6f29a6d
githubwww.github.com/liferay/liferay-portal/commit/8dda4adc0e9e7b6f82d4b3959592cad61640309b
githubwww.github.com/liferay/liferay-portal
liferaywww.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43796
githubwww.github.com/liferay/liferay-portal/commit/8f7eb98e05a5ea6961346ecc21fd73e4b46bba99
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Sep 2025 14:12Current
7High risk
Vulners AI Score7
CVSS 47.1
EPSS0.00226
Liferay PortalLiferay DXPGraphQL endpointrate limitingdenial of servicelarge object queriesaffected versions
2