CVE-2025-43763
Description
A server-side request forgery (SSRF) vulnerability exists in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20, affecting custom object attachment fields. This flaw allows an attacker to manipulate the application into making unauthorized requests to other instances, creating new object entries that link to external resources.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay:com.liferay.object.service (Maven) | < 1.0.208 | 1.0.208 |
Affected products
- Liferay/DXP v5 (range: 2024.Q1.1)
Patches
0adf32842d05 LPD-43974 Fix validation, and add the same in the other method
1 file changed · +2 −6
modules/apps/object/object-service/src/main/java/com/liferay/object/internal/field/attachment/AttachmentManagerImpl.java+2 −6 modified@@ -145,7 +145,7 @@ public FileEntry getOrAddFileEntry( _dlAppLocalService.fetchFileEntryByExternalReferenceCode( groupId, externalReferenceCode); - if (fileEntry != null) { + if (fileEntry != null && companyId == fileEntry.getCompanyId()) { return fileEntry; } @@ -182,11 +182,7 @@ public FileEntry getOrAddFileEntry( _dlAppLocalService.fetchFileEntryByExternalReferenceCode( groupId, externalReferenceCode); - if (companyId != fileEntry.getCompanyId()) { - throw new NoSuchFileEntryException(); - } - - if (fileEntry != null) { + if (fileEntry != null && companyId == fileEntry.getCompanyId()) { return fileEntry; }
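Review bot: In the hunk at line 145, the new guard `if (fileEntry != null && companyId == fileEntry.getCompanyId())` treats a file entry owned by a different company exactly like a missing one, so the method silently continues to the add path instead of rejecting the request. A one-line comment stating that falling through (rather than throwing, as the companion commit did) is the intended handling of a cross-company match would save the next reader from re-deriving that decision.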
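Review bot: In the hunk at line 182, folding the company comparison into the null check fixes the ordering problem of the previous version, where `fileEntry.getCompanyId()` was evaluated before `if (fileEntry != null)` and would throw a NullPointerException whenever `fetchFileEntryByExternalReferenceCode` returned null. What still deserves a test is the fall-through case this hunk now introduces: an entry with the same externalReferenceCode already existing in another company must neither be reused nor break the subsequent add, and the commit message ("Fix validation, and add the same in the other method") does not say which behaviour is expected there.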
e5fe3f9e9916 LPD-43974 Check that file or folder belongs to company
1 file changed · +10 −0
modules/apps/object/object-service/src/main/java/com/liferay/object/internal/field/attachment/AttachmentManagerImpl.java+10 −0 modified@@ -8,6 +8,8 @@ import com.liferay.document.library.kernel.exception.FileExtensionException; import com.liferay.document.library.kernel.exception.FileNameException; import com.liferay.document.library.kernel.exception.FileSizeException; +import com.liferay.document.library.kernel.exception.NoSuchFileEntryException; +import com.liferay.document.library.kernel.exception.NoSuchFolderException; import com.liferay.document.library.kernel.model.DLFolder; import com.liferay.document.library.kernel.model.DLFolderConstants; import com.liferay.document.library.kernel.service.DLAppLocalService; @@ -180,6 +182,10 @@ public FileEntry getOrAddFileEntry( _dlAppLocalService.fetchFileEntryByExternalReferenceCode( groupId, externalReferenceCode); + if (companyId != fileEntry.getCompanyId()) { + throw new NoSuchFileEntryException(); + } + if (fileEntry != null) { return fileEntry; } @@ -195,6 +201,10 @@ public FileEntry getOrAddFileEntry( _dlFolderService.getDLFolderByExternalReferenceCode( folderExternalReferenceCode, groupId); + if (dlFolder.getCompanyId() != companyId) { + throw new NoSuchFolderException(); + } + repositoryId = dlFolder.getRepositoryId(); folderId = dlFolder.getFolderId(); }
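Review bot: In the hunk at line 180, the new check `if (companyId != fileEntry.getCompanyId())` dereferences `fileEntry` before the existing `if (fileEntry != null)` guard, so when `fetchFileEntryByExternalReferenceCode` returns null the method now throws a NullPointerException instead of proceeding to the add path as it did before. Move the comparison after the null check, or combine the two, e.g. `if (fileEntry != null && companyId == fileEntry.getCompanyId())`, so that a missing entry and a cross-company entry are both handled deliberately.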
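Review bot: In the hunk at line 195, the folder check is correctly placed, since `dlFolder` is dereferenced unconditionally on the lines that follow, but its operand order (`dlFolder.getCompanyId() != companyId`) is the mirror image of the file-entry check above (`companyId != fileEntry.getCompanyId()`); writing both the same way makes it obvious they enforce one tenant rule. Raising NoSuchFolderException rather than a permission-style exception is a good choice to keep, as it does not confirm to the caller that a folder with that external reference code exists in another company.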
References
- github.com/advisories/GHSA-477q-x55m-j38g (advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-43763 (advisory)
- github.com/liferay/liferay-portal/commit/0adf32842d055f40accc8b341c4feb11a9728261 (fix commit)
- github.com/liferay/liferay-portal/commit/e5fe3f9e9916e66a896e7c321e641c6eabbf4dae (fix commit)
- liferay.atlassian.net/browse/LPE-18182 (issue tracker)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43763 (vendor advisory)