Low severityNVD Advisory· Published Sep 15, 2025· Updated Sep 16, 2025
CVE-2025-43798
CVE-2025-43798
Description
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay:com.liferay.multi.factor.authentication.timebased.otp.webMaven | < 2.0.25 | 2.0.25 |
Affected products
2- ghsa-coordsRange: < 2.0.25
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.