Critical Vulnerability Information

Vulnerability Identifier
CVE-2025-43795

Vulnerability Description
Open Redirect Vulnerability in System Settings: An open redirect vulnerability exists in the system settings of Liferay Portal and Liferay DXP, allowing remote attackers to redirect users to arbitrary external URLs via the parameter.

Open Redirect Vulnerability in Instance Settings: An open redirect vulnerability exists in the instance settings of Liferay Portal and Liferay DXP, allowing remote attackers to redirect users to arbitrary external URLs via the parameter.

Open Redirect Vulnerability in Site Settings: An open redirect vulnerability exists in the site settings of Liferay Portal and Liferay DXP, allowing remote attackers to redirect users to arbitrary external URLs via the parameter.

Severity
CVSS Score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

Affected Versions
Liferay Portal 7.1.0 to 7.4.3.101
Liferay DXP 2023.Q3.0 to 2023.Q3.4
Liferay DXP 7.4 GA to U92
Liferay DXP 7.3 GA to U35 and older unsupported versions

Fixed Versions
Liferay Portal 7.4.3.102
Liferay DXP 2024.Q1.1
Liferay DXP 2023.Q4.0
Liferay DXP 2023.Q3.5
Liferay DXP 7.3 U36

Acknowledgments
Reported by Abderrahmane BOUNHIDJA

Release Date
November 4, 2024, 13:18:00 +0000