Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790) - Vulnerability Database

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790)

Description

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate data/object entries/definitions to an object in a different virtual instance.

References

CVE-2025-43790

Related Vulnerabilities

WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1101) Medium
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19215) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19216) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19217) High
Common tags: Missing Update Known Vulnerabilities

Severity

High

Classification

CVE-2025-43790
CWE-639
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update
Known Vulnerabilities