Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43768 - Vulnerability Database
Liferay DXP

Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-43768

High
Reference: CVE-2025-43768
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43768
Title: Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability
Overview:

Liferay Portal 7.4.0 through 7.4.3.131 and Liferay DXP 2024.Q4.0 through 2024.Q4.7 2024.Q3.1 through 2024.Q3.13 2024.Q2.0 through 2024.Q2.13 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.