CVE-2025-43766
📋 TL;DR
This vulnerability allows attackers to upload unrestricted files through Liferay's style books component, which are then processed within the environment, leading to arbitrary code execution. It affects Liferay Portal versions 7.4.0 through 7.3.3.131 and multiple Liferay DXP versions from 2024.Q1.1 through 2024.Q4.0. Organizations using these versions are at risk of complete system compromise.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative access, data exfiltration, lateral movement, and persistent backdoor installation.
Likely Case
Webshell deployment leading to data theft, privilege escalation, and further exploitation of internal systems.
If Mitigated
Limited impact due to network segmentation, strict file upload policies, and proper access controls preventing successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access to the style books component; once that access is obtained, uploading a file and having it executed are straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.132+, Liferay DXP 2024.Q4.1+, 2024.Q3.14+, 2024.Q2.14+, 2024.Q1.13+, 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43766
Restart Required: Yes
Instructions:
1. Download the appropriate patch from Liferay's customer portal.
2. Apply the patch following Liferay's patch installation guide.
3. Restart the Liferay server.
4. Verify the patch was applied successfully.
🔧 Temporary Workarounds
Disable Style Books Component
Temporarily disable the vulnerable style books component to prevent exploitation.
Navigate to Control Panel > Configuration > System Settings > Style Books and disable the component
Restrict File Upload Types
Configure the web application firewall or server to block upload of executable file types.
Configure WAF rules to block .jsp, .jar, .war, .php, .exe, .sh file uploads to /style-books/* endpoints
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Liferay servers from critical systems
- Deploy web application firewall with rules blocking suspicious file upload patterns to style books endpoints
🔍 How to Verify
Check if Vulnerable:
Check Liferay version in Control Panel > Server Administration > Properties > liferay.version
Check Version:
Check liferay.version property in portal-ext.properties or via Control Panel
Verify Fix Applied:
Verify that the reported version is a patched version, then test the style books file upload functionality to confirm that restricted file types are rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /style-books/* endpoints
- Execution of unexpected JSP/shell files
- Multiple failed upload attempts with executable extensions
Network Indicators:
- HTTP POST requests to style books endpoints with file uploads
- Outbound connections from Liferay server to unknown external IPs
SIEM Query:
source="liferay.log" AND (uri_path="/style-books/*" AND http_method="POST") AND (file_extension="jsp" OR file_extension="jar" OR file_extension="war" OR file_extension="php")
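The log indicators and SIEM query above can be checked offline against exported events. The following is an added example, not part of the original advisory or Liferay's own tooling: it applies the same filter (POST to /style-books/*, blocked executable extension) to constructed key=value log events whose field names mirror the SIEM query, and it also surfaces source addresses with repeated attempts, matching the "multiple failed upload attempts" indicator. The sample events, field names and `uploaded_file` field are assumptions for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatch

# Extensions the page's temporary workaround tells the WAF to block.
BLOCKED_EXTENSIONS = {"jsp", "jar", "war", "php", "exe", "sh"}
URI_PATTERN = "/style-books/*"

# Constructed sample events (not real Liferay output) in key=value form,
# mirroring the fields used by the SIEM query on this page.
SAMPLE_LOG = """\
ts=2025-05-01T10:00:01Z http_method=POST uri_path=/style-books/import uploaded_file=theme.json status=200 src_ip=10.0.0.5
ts=2025-05-01T10:00:07Z http_method=POST uri_path=/style-books/import uploaded_file=cmd.JSP status=200 src_ip=203.0.113.9
ts=2025-05-01T10:00:09Z http_method=GET uri_path=/style-books/list status=200 src_ip=10.0.0.5
ts=2025-05-01T10:00:12Z http_method=POST uri_path=/documents/upload uploaded_file=payload.war status=200 src_ip=203.0.113.9
ts=2025-05-01T10:00:15Z http_method=POST uri_path=/style-books/import uploaded_file=shell.jsp status=403 src_ip=203.0.113.9
"""

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))

def file_extension(filename):
    """Lower-cased final extension, so 'cmd.JSP' is treated like 'cmd.jsp'."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else ""

def is_suspicious_upload(event):
    """POST to a style books endpoint carrying a blocked executable extension."""
    return (event.get("http_method") == "POST"
            and fnmatch(event.get("uri_path", ""), URI_PATTERN)
            and file_extension(event.get("uploaded_file", "")) in BLOCKED_EXTENSIONS)

def scan_log(text):
    """Return every suspicious upload event found in the log text."""
    return [e for e in map(parse_event, text.splitlines()) if is_suspicious_upload(e)]

def repeat_offenders(events, threshold=2):
    """Source IPs with at least `threshold` suspicious uploads, i.e. the
    'multiple attempts with executable extensions' indicator."""
    counts = Counter(e["src_ip"] for e in events)
    return {ip for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for e in hits:
        print(e["ts"], e["src_ip"], e["uri_path"], e["uploaded_file"], e["status"])
    print("repeat offenders:", repeat_offenders(hits))
```

A blocked (403) upload still counts as a hit, since repeated rejected attempts are themselves an indicator listed above.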