Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay Portal Incorrect Authorization Vulnerability - CVE-2025-43789 - Vulnerability Database
Liferay Portal

Liferay Portal Incorrect Authorization Vulnerability - CVE-2025-43789

Medium
Reference: CVE-2025-43789
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43789
Title: Liferay Portal Incorrect Authorization Vulnerability
Overview:

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119 and Liferay DXP 2024.Q1.1 through 2024.Q1.9 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.