Insecure Direct Object Reference (IDOR)

🗓️ 25 Nov 2025 08:43:39Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 2 Views

Liferay portal exposes workflow definitions by name without authorization, causing insecure direct object reference.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2025-43782	11 Sep 202517:39	–	circl
CNNVD	Liferay Portal和Liferay DXP 安全漏洞	11 Sep 202500:00	–	cnnvd
CVE	CVE-2025-43782	11 Sep 202517:26	–	cve
Cvelist	CVE-2025-43782	11 Sep 202517:26	–	cvelist
EUVD	EUVD-2025-28981	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name	11 Sep 202518:35	–	github
NVD	CVE-2025-43782	11 Sep 202518:15	–	nvd
OSV	CVE-2025-43782	11 Sep 202518:15	–	osv
OSV	GHSA-WR8M-5H2P-4432 Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name	11 Sep 202518:35	–	osv
Positive Technologies	PT-2025-37252	11 Sep 202500:00	–	ptsecurity

Vulners

Node

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implRange5.0.1–5.0.47java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.1java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.10java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.11java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.12java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.13java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.14java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.15java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.16java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.17java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.18java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.19java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.2java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.20java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.21java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.22java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.23java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.24java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.25java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.26java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.27java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.28java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.29java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.3java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.30java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.31java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.32java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.33java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.34java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.35java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.36java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.37java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.38java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.39java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.4java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.40java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.41java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.42java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.43java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.44java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.45java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.46java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.5java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.6java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.7java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.8java

com.liferay.portal.workflow.kaleo.runtime.integration.impl com.liferay.portal.workflow.kaleo.runtime.integration.implMatch5.0.9java

Source	Link
github	www.github.com/liferay/liferay-portal/commit/720f2d3fde180e5c2971a5d01246dfec36f68131
github	www.github.com/liferay/liferay-portal/commit/acf50c712f7f21c2f52db30883486cb885c8bdd0
github	www.github.com/liferay/liferay-portal
github	www.github.com/liferay/liferay-portal/commit/4e85bafae4c4e17d3f87054d1f1d49a908d79819
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43782
github	www.github.com/liferay/liferay-portal/commit/b61004c960e10d576634096fccc9f71677df0fbd
github	www.github.com/liferay/liferay-portal/commit/c30a8b729e133f7f40277ce7dc350b87d13d49c7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-43782
github	www.github.com/liferay/liferay-portal/commit/ad55ef75cb82c8b1ed01f311488475a646481731

16 Dec 2025 16:44Current

7.1High risk

Vulners AI Score7.1

CVSS 3.14.3

CVSS 45.3

EPSS0.00075

SSVC