Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Insecure Default Initialization of Resource Vulnerability - CVE-2025-43797 - Vulnerability Database
Liferay DXP

Liferay DXP Insecure Default Initialization of Resource Vulnerability - CVE-2025-43797

Medium
Reference: CVE-2025-43797
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43797
Title: Liferay DXP Insecure Default Initialization of Resource Vulnerability
Overview:

In Liferay Portal 7.1.0 through 7.4.3.111 and Liferay DXP 2023.Q4.0 2023.Q3.1 through 2023.Q3.4 7.4 GA through update 92 7.3 GA through update 35 and older unsupported versions the default membership type of a newly created site is Open which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view add or edit content on the site.