Vulnerability in Liferay Dxp

CVE-2025-43801

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update…

EPSS: 0.002 (45.2th percentile) — read the EPSS interpretation.

Affected products

Liferay Dxp — versions 7.3.10, 7.4.13, 2023.Q3.1
Liferay Portal — versions 7.4.0

Weakness classification (CWE)

CWE-606

References

liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/conten…