CVE-2025-43798

216.73.216.36

· Published 15/09/2025 21:15 · Modified 16/09/2025 12:49

Labels: CVE-2025-43798 2025-09-15 CVE-2025-43798 CWE-304 [email protected]

Essential information

Published: 15/09/2025 21:15
Modified: 16/09/2025 12:49
Author: —
Creator: —
CVSS: 2.1 LOW (v3) 2.1 LOW (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
liferay / liferay dxp	`cpe:2.3:a:liferay:liferay_dxp:2023.Q4.0:::::::*`
liferay / liferay dxp	`cpe:2.3:a:liferay:liferay_dxp:2023.Q3.1-2023.Q3.4:::::::*`
liferay / liferay portal	`cpe:2.3:a:liferay:liferay_portal:7.4::update_92::::::*`
liferay / liferay portal	`cpe:2.3:a:liferay:liferay_portal:7.3::update_35::::::*`