Low severityNVD Advisory· Published Sep 12, 2025· Updated Sep 12, 2025
CVE-2025-43789
CVE-2025-43789
Description
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay:com.liferay.comment.webMaven | >= 6.0.2, < 6.1.4 | 6.1.4 |
Affected products
3Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-q86r-gwqc-jx85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-43789ghsaADVISORY
- github.com/liferay/liferay-portal/commit/576039619a12f28304c5153ad3fa5e39f00548b3ghsaWEB
- github.com/liferay/liferay-portal/commit/cb349be999396e97883e5fa7ccf2d226737779acghsaWEB
- github.com/liferay/liferay-portal/commit/dfdd81d51808e38098e9a3250f3c8819e0761377ghsaWEB
- github.com/liferay/liferay-portal/commit/e91daba3736ea30674f0beb5f6622c6df057d18bghsaWEB
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43789ghsaWEB
News mentions
0No linked articles in our index yet.