CVE-2025-43772 — Uncontrolled Resource Consumption in DXP

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.5%

top 33.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay DXP Liferay Portal

Timeline

PublishedSep 4

Description

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP request.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5liferay/portal7.0.0 — 7.4.3.5

▶CVEListV5liferay/dxp6.2.0 — portal-173+5

🔴Vulnerability Details

OSV

Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin↗2025-09-04

▶

GHSA

Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin↗2025-09-04

▶

CVEList

CVE-2025-43772: Kaleo Forms Admin in Liferay Portal 7↗2025-09-04

▶