CNNVD-202508-2535 Information

CNNVD ID

CNNVD-202508-2535

Related CVE

CVE-2025-43747

• CNNVD Published: 2025-08-21

Description (Chinese)

Liferay DXP是美国Liferay公司的一套数字化体验协作平台。 Liferay DXP 2025.Q2.0至2025.Q2.3版本存在代码问题漏洞，该漏洞源于analytics.cloud.domain.allowed域名验证不安全，可能导致服务端请求伪造攻击。

Description (English)

Liferay DXP is a digitized experience collaborative platform for the American company Liferay. Riveray DXP 2025.Q2.0 to 2025.Q2.3 has a code problem loophole, which stems from the insecurity of authentication of domain names, which may lead to the request of the service to forge attacks.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Liferay

Published

2025-08-21

Last Modified

2026-02-24

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43747 https://nvd.nist.gov/vuln/detail/CVE-2025-43747

Patch

https://www.liferay.com/zh/downloads-community