CVE-2025-43798 LOW

CVE-2025-43798

Vendor Liferay
Product DXP
Weakness CWE-304
Published September 15, 2025
Last update September 16, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

Key dates

02Disclosure timeline

September 15, 2025 CVE published
September 16, 2025 Record updated