=====================================================================
CERT-Renater Note d'Information No. 2025/VULN535
_____________________________________________________________________

DATE                 : 21/08/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Liferay Portal 7.4, and Liferay DXP versions prior to 2025.Q2.9 or 2025.Q1.16. The fixed versions listed below exist only for the 2025.Q2 and 2025.Q1 lines; for Liferay Portal the fixes are on the master branch only.
=====================================================================

References:
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43745
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43737
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43738
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43740
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-43744
_____________________________________________________________________

CVE-2025-43745 - CSRF vulnerability in 'endpoint' parameter

Description
A CSRF vulnerability in Liferay Portal and Liferay DXP allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter.

Severity
6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Affected Version(s)
Liferay Portal 7.4.0 through 7.4.3.132
Liferay DXP 2025.Q2.0 through 2025.Q2.7
Liferay DXP 2025.Q1.0 through 2025.Q1.15
Liferay DXP 2024.Q4.0 through 2024.Q4.7
Liferay DXP 2024.Q3.1 through 2024.Q3.13
Liferay DXP 2024.Q2.0 through 2024.Q2.13
Liferay DXP 2024.Q1.1 through 2024.Q1.19
Liferay DXP 7.4 GA through U92

Fixed Version(s)
Liferay Portal fixed on master branch
Liferay DXP 2025.Q2.8
Liferay DXP 2025.Q1.16

Acknowledgments
This issue was reported by NDIx

Publication date: Tue, 05 Aug 2025 19:51:00 +0000
_____________________________________________________________________

CVE-2025-43737 - Reflected XSS through JournalPortlet backUrl parameter

Description
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP allows a remote authenticated user to inject JavaScript code via the _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter.

Severity
5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

Affected Version(s)
Liferay Portal 7.4.0 through 7.4.3.132
Liferay DXP 2025.Q2.0 through 2025.Q2.8
Liferay DXP 2025.Q1.0 through 2025.Q1.15

Fixed Version(s)
Liferay Portal fixed on master branch
Liferay DXP 2025.Q2.9
Liferay DXP 2025.Q1.16

Acknowledgments
This issue was reported by NDIx

Publication date: Mon, 11 Aug 2025 17:06:00 +0000
_____________________________________________________________________

CVE-2025-43738 - Reflected XSS via ExpandoPortlet displayType parameter

Description
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP allows a remote authenticated user to inject JavaScript code via the _com_liferay_expando_web_portlet_ExpandoPortlet_displayType parameter.

Severity
5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

Affected Version(s)
Liferay Portal 7.4.0 through 7.4.3.132
Liferay DXP 2025.Q2.0 through 2025.Q2.8
Liferay DXP 2025.Q1.0 through 2025.Q1.15
Liferay DXP 2024.Q4.0 through 2024.Q4.7
Liferay DXP 2024.Q3.1 through 2024.Q3.13
Liferay DXP 2024.Q2.1 through 2024.Q2.13
Liferay DXP 2024.Q1.1 through 2024.Q1.19

Fixed Version(s)
Liferay Portal fixed on master branch
Liferay DXP 2025.Q2.9
Liferay DXP 2025.Q1.16

Acknowledgments
This issue was reported by NDIx

Publication date: Thu, 14 Aug 2025 16:07:00 +0000
_____________________________________________________________________

CVE-2025-43740 - Stored XSS in message boards feature

Description
A stored cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP allows a remote authenticated attacker to inject JavaScript through the message boards feature available via the web interface.

Severity
4.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)

Affected Version(s)
Liferay Portal 7.4.3.120 through 7.4.3.132
Liferay DXP 2025.Q2.0 through 2025.Q2.8
Liferay DXP 2025.Q1.0 through 2025.Q1.15
Liferay DXP 2024.Q4.0 through 2024.Q4.7
Liferay DXP 2024.Q3.1 through 2024.Q3.13
Liferay DXP 2024.Q2.1 through 2024.Q2.13
Liferay DXP 2024.Q1.9 through 2024.Q1.19

Fixed Version(s)
Liferay Portal fixed on master branch
Liferay DXP 2025.Q2.9
Liferay DXP 2025.Q1.16

Acknowledgments
This issue was reported by NDIx

Publication date: Thu, 14 Aug 2025 16:35:00 +0000
_____________________________________________________________________

CVE-2025-43744 - Stored DOM-based XSS in the Asset Publisher configuration UI

Description
A stored DOM-based cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP exists in the Asset Publisher configuration UI, within the Source.js module. It allows attackers to inject arbitrary JavaScript via DDM structure field labels, which are inserted into the DOM using innerHTML without proper encoding.

Severity
5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)

Affected Version(s)
Liferay Portal 7.4.0 through 7.4.3.132
Liferay DXP 2025.Q2.0 through 2025.Q2.5
Liferay DXP 2025.Q1.0 through 2025.Q1.15
Liferay DXP 2024.Q4.0 through 2024.Q4.7
Liferay DXP 2024.Q3.0 through 2024.Q3.13
Liferay DXP 2024.Q2.0 through 2024.Q2.13
Liferay DXP 2024.Q1.1 through 2024.Q1.19
Liferay DXP 7.4 GA through update 92

Fixed Version(s)
Liferay Portal fixed on master branch
Liferay DXP 2025.Q2.6
Liferay DXP 2025.Q1.16

Acknowledgments
This issue was reported by NDIx

Publication date: Fri, 15 Aug 2025 12:36:00 +0000
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44             +
+ 23/25 Rue Daviel      | fax : 01-53-94-20-41             +
+ 75013 Paris           | email: cert@support.renater.fr   +
=========================================================
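The pattern behind CVE-2025-43744 (a stored, attacker-controlled label concatenated into markup and written with innerHTML) is shown below alongside its hardened form. This is an added illustration, not Liferay's Source.js code: the function names, the field-label data and the payload are constructed for the example.

```javascript
// Added example: stored DOM-based XSS of the kind described for CVE-2025-43744,
// vulnerable pattern next to the hardened one. Illustrative code, not Liferay's
// Source.js; function names and sample data are assumptions for this example.

// Minimal HTML entity encoder for untrusted text placed in an HTML context
// (element content or a double-quoted attribute value).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: structure field labels, which a low-privileged user can
// store in a DDM structure, are concatenated straight into markup that the UI
// later assigns to element.innerHTML. The browser parses the label as HTML, so
// a label containing a tag with an event handler executes in every admin's
// session that opens the configuration UI.
function renderFieldOptionsUnsafe(fields) {
  return fields
    .map((f) => `<option value="${f.name}">${f.label}</option>`)
    .join('');
}

// Hardened pattern: every untrusted value is entity-encoded before it enters
// the markup, so the label is rendered as text. In browser code the cleaner
// fix is to avoid innerHTML altogether: create the <option> element and set
// option.value = f.name and option.textContent = f.label.
function renderFieldOptionsSafe(fields) {
  return fields
    .map((f) => `<option value="${escapeHtml(f.name)}">${escapeHtml(f.label)}</option>`)
    .join('');
}

// Constructed sample input: one benign label and one carrying a payload that
// needs no quotes, so it survives a naive attribute-only filter.
const SAMPLE_FIELDS = [
  { name: 'title', label: 'Title' },
  { name: 'evil', label: '<img src=x onerror=alert(document.domain)>' },
];

// Check used by the tests: does the rendered markup still contain the label
// verbatim (i.e. would the browser parse it as HTML rather than show it)?
function containsRawLabel(markup, label) {
  return markup.includes(label);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe :', renderFieldOptionsUnsafe(SAMPLE_FIELDS));
  console.log('safe   :', renderFieldOptionsSafe(SAMPLE_FIELDS));
}
```

Run with `node` to see the two renderings side by side. The encoder covers the HTML text and quoted-attribute contexts only; labels that end up in a URL, a JavaScript string or CSS need the encoding appropriate to that context, which is the same reason the advisory's fix is "proper encoding" rather than a blocklist of tags.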