Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay DXP Missing Critical Step in Authentication Vulnerability - CVE-2025-43798 - Vulnerability Database
Liferay DXP

Liferay DXP Missing Critical Step in Authentication Vulnerability - CVE-2025-43798

Medium
Reference: CVE-2025-43798
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-43798
Title: Liferay DXP Missing Critical Step in Authentication Vulnerability
Overview:

Liferay DXP 2023.Q4.0 2023.Q3.1 through 2023.Q3.4 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period which allows attackers with access to a users TOTP to authenticate as the user.