CVE-2025-43764
📋 TL;DR
This vulnerability allows authenticated users with Kaleo Workflow update permissions to submit malicious regular expressions in the Role Name search field, causing their browser to hang indefinitely due to ReDoS (Regular expression Denial of Service). It affects Liferay Portal and DXP installations with vulnerable versions, requiring authenticated access to exploit.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated users could cause persistent browser denial-of-service for themselves or potentially other users if the malicious input is shared, disrupting workflow management functionality.
Likely Case
Authenticated users with workflow permissions accidentally or intentionally enter complex regex patterns that cause their own browser sessions to become unresponsive.
If Mitigated
With proper access controls limiting Kaleo Workflow permissions to trusted users only, impact is limited to potential self-inflicted browser hangs.
🎯 Exploit Status
Exploitation requires understanding of ReDoS patterns and authenticated access with specific permissions. No privilege escalation or remote code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.132+; Liferay DXP 2024.Q4.2+, 2024.Q3.14+, 2024.Q2.14+, 2024.Q1.21+, 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43764
Restart Required: No
Instructions:
1. Download the appropriate fix pack or service pack from the Liferay Customer Portal.
2. Apply the fix using Liferay's patching mechanism.
3. Verify that the patch was applied through a version check.
🔧 Temporary Workarounds
Restrict Kaleo Workflow Permissions
Limit the 'Update' permission on Kaleo Workflows to only essential, trusted users to reduce the attack surface.
Navigate to Control Panel > Roles > Define permissions for the affected roles.
Input Validation for Role Name Field
Implement custom input validation to reject complex regex patterns in the Role Name search field.
Implement a custom portlet that validates the regex pattern before processing it.
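As an added illustration of the input-validation workaround above (example code, not Liferay's own), the browser-side filter treats the Role Name search string as literal text rather than compiling raw input into a RegExp, and flags the nested-quantifier shape for logging or rejection. The role list and the length bound are constructed assumptions.

```javascript
// Added example, not Liferay code: handle a Role Name search string as a
// literal filter instead of compiling raw user input into a RegExp.
// The sample role list and the length bound below are constructed assumptions.

const MAX_SEARCH_LENGTH = 64; // assumed bound; the advisory gives no number

// Escape every regex metacharacter so the input matches itself literally.
function escapeRegex(input) {
  return input.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Heuristic for logging or rejecting raw input: a quantifier inside a group
// that is itself quantified is the classic shape of a backtracking blow-up.
function looksLikeRiskyPattern(input) {
  return /\([^)]*[*+][^)]*\)[*+]/.test(input);
}

// Filter role names with the query treated as plain text (case-insensitive).
// Bounded length plus escaping keeps the resulting RegExp linear-time.
function filterRoleNames(query, roleNames) {
  if (typeof query !== "string" || query.length > MAX_SEARCH_LENGTH) {
    throw new RangeError("Role Name search string too long");
  }
  const literal = new RegExp(escapeRegex(query), "i");
  return roleNames.filter((name) => literal.test(name));
}

// Constructed sample role list.
const SAMPLE_ROLES = ["Administrator", "Power User", "Site Member", "User (Guest)"];

console.log(filterRoleNames("(Guest)", SAMPLE_ROLES)); // prints [ 'User (Guest)' ]
console.log(looksLikeRiskyPattern("(a+)+"));            // prints true
```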
🧯 If You Can't Patch
- Strictly limit Kaleo Workflow update permissions to minimal necessary users
- Monitor logs for unusual regex patterns in Role Name search queries
🔍 How to Verify
Check if Vulnerable:
Check the Liferay version against the affected ranges. Verify whether the Kaleo Designer portlet is accessible to authenticated users.
Check Version:
Check the Liferay build number via Control Panel > Server Administration > Properties, or review liferay-home/portal-ext.properties.
Verify Fix Applied:
Confirm the version has been updated to one of the patched versions listed above. Test the Role Name search with complex regex patterns to ensure the browser stays responsive.
📡 Detection & Monitoring
Log Indicators:
- Unusually long processing times for Role Name search queries
- Repeated failed or hanging requests to Kaleo Designer portlet
Network Indicators:
- Extended HTTP sessions to /kaleo-designer endpoints with no completion
SIEM Query:
source="liferay" AND (uri_path="/kaleo-designer" OR portlet_id="kaleodesigner_WAR_kaleodesignerportlet") AND (duration>30s OR status="pending")