CVE-2025-43745
📋 TL;DR
This CSRF vulnerability in Liferay Portal and DXP allows remote attackers to perform unauthorized actions on behalf of authenticated users by exploiting the endpoint parameter. Attackers can trick users into submitting malicious requests that execute actions with the user's privileges. All organizations running affected Liferay versions are vulnerable.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
⚠️ Risk & Real-World Impact
Worst Case
Attackers could perform administrative actions like creating new admin accounts, modifying content, changing configurations, or accessing sensitive data through authenticated user sessions.
Likely Case
Attackers would typically perform actions like content manipulation, user account modifications, or data extraction by tricking authenticated users into visiting malicious pages.
If Mitigated
With proper CSRF protections and security headers, the vulnerability would be blocked, preventing unauthorized cross-origin requests.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users into visiting malicious pages. The attacker needs to know or guess valid endpoint parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.133+; Liferay DXP 2025.Q2.8+, 2025.Q1.15+, 2024.Q4.8+, 2024.Q3.14+, 2024.Q2.14+, 2024.Q1.20+, and 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745
Restart Required: No
Instructions:
1. Download the appropriate patch from Liferay's customer portal.
2. Apply the patch using Liferay's patching tool.
3. Verify the patch was applied successfully.
4. Test critical functionality to ensure no regression.
🔧 Temporary Workarounds
Implement CSRF Protection Headers
- Add SameSite cookie attributes and implement CSRF tokens to prevent cross-origin requests
- Configure SameSite=Strict or Lax for session cookies
- Enable CSRF token validation in Liferay configuration
🧯 If You Can't Patch
- Implement WAF rules to block suspicious cross-origin requests targeting Liferay endpoints
- Restrict access to Liferay administration interfaces to trusted networks only
🔍 How to Verify
Check if Vulnerable:
Check Liferay version via Control Panel → Configuration → Server Administration → System Information
Check Version:
Check via Liferay Control Panel or examine liferay-portal.properties file
Verify Fix Applied:
Verify version is patched (7.4.3.133+ for Portal or corresponding DXP versions) and test CSRF protection by attempting cross-origin requests
📡 Detection & Monitoring
Log Indicators:
- Multiple failed CSRF token validations
- Unusual endpoint parameter patterns in requests
- Requests with missing or invalid referrer headers
Network Indicators:
- Cross-origin requests to Liferay endpoints with suspicious parameters
- Requests lacking CSRF tokens from external domains
SIEM Query:
source_ip!=internal_network AND destination_port=8080 AND uri_contains="/api/" AND referrer_header NOT CONTAINS "liferay-domain"
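The log and network indicators above, together with the SIEM query, turned into a small detector run over constructed access-log lines. This is an added example, not part of the advisory or of Liferay's own tooling; the portal host, the internal network range, the log format and the use of the p_auth request parameter as the CSRF token are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumptions of this example (not from the advisory): portal host portal.example.com, trusted
# clients in 10.0.0.0/8, a combined-style access log ending with a quoted Referer, p_auth token.
LIFERAY_HOST = "portal.example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
CSRF_PARAM = "p_auth"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')

def same_site(referer):  # True when the Referer names the portal host or one of its subdomains
    host = (urlsplit(referer).hostname or "").lower()
    return host == LIFERAY_HOST or host.endswith("." + LIFERAY_HOST)

def flag_request(line):
    """Return the advisory's indicators matched by one access-log line ([] when clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable"]
    path, query = urlsplit(m["uri"])[2:4]
    referer, has_token, hits = m["referer"], CSRF_PARAM in parse_qs(query), []
    internal = any(ipaddress.ip_address(m["ip"]) in net for net in INTERNAL_NETS)
    if m["method"] in STATE_CHANGING:  # only state-changing requests matter for CSRF
        if referer in ("", "-"):
            hits.append("missing-referrer")
        elif not same_site(referer):
            hits.append("cross-origin-referrer")
        if not has_token and not same_site(referer):
            hits.append("no-csrf-token-from-external")
        if m["status"] == "403" and not has_token:
            hits.append("csrf-validation-failure")  # server rejected a token-less write
    if not internal and "/api/" in path and not same_site(referer):  # the SIEM query above
        hits.append("siem-query-match")
    return hits

def repeat_offenders(lines, threshold=3):  # "multiple failed CSRF token validations" per source
    counts = Counter(m["ip"] for m in map(LOG_RE.match, lines) if m and flag_request(m.string))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log lines (not real traffic): one clean internal write, three token-less writes
SAMPLE_LOG = [
    '10.1.2.3 - jdoe [05/Jun/2025:10:00:01 +0000] "POST /api/jsonws/invoke?p_auth=abc123 HTTP/1.1" 200 512 "https://portal.example.com/web/guest/home"',
    '203.0.113.7 - - [05/Jun/2025:10:00:05 +0000] "POST /api/jsonws/invoke HTTP/1.1" 403 0 "https://third-party.example.net/page.html"',
    '203.0.113.7 - - [05/Jun/2025:10:00:06 +0000] "POST /api/jsonws/invoke HTTP/1.1" 403 0 "https://third-party.example.net/page.html"',
    '203.0.113.7 - - [05/Jun/2025:10:00:07 +0000] "POST /group/control_panel/manage HTTP/1.1" 403 0 "-"',
]
```

Run `flag_request` over each line to see which indicators fire, and `repeat_offenders(SAMPLE_LOG)` to get the sources that exceed the threshold.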