Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Incorrect Authorization Vulnerability - CVE-2025-43806 - Vulnerability Database
Liferay DXP

Liferay DXP Incorrect Authorization Vulnerability - CVE-2025-43806

Medium
Reference: CVE-2025-43806
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43806
Title: Liferay DXP Incorrect Authorization Vulnerability
Overview:

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112 and Liferay DXP 2023.Q4.0 through 2023.Q4.7 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92 does not properly check permission with import and export tasks which allows remote authenticated users to access the exported data via the REST APIs.