CVE-2025-43773 – com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl
Package
Manager: maven
Name: com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl
Vulnerable Version: >=0 <6.0.93
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00047 (percentile 0.13826)
Details
Liferay Portal allows improper access through the expandoTableLocalService. Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 have a security vulnerability that allows improper access through the expandoTableLocalService.
Metadata
Created: 2025-08-29T21:32:02Z
Modified: 2025-08-29T22:07:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-876g-49r6-33qj/GHSA-876g-49r6-33qj.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-876g-49r6-33qj
Finding: F039
Auto approve: 1