CVE-2025-43767 – An open redirect vulnerability in Liferay Porta... (How to Fix)

Q: What is the severity of CVE-2025-43767?

CVE-2025-43767 has a CVSS score of 6.1 (MEDIUM). An open redirect vulnerability in Liferay Portal and DXP allows attackers to manipulate the /c/portal/edit_info_item parameter to redirect users to malicious websites. This affects Liferay Portal 7.4.3.86-7.4.3.131 and multiple DXP versions from 2024.Q1.1 through 2024.Q3.9. Users of affected versions who click on manipulated links are at risk.

📋 TL;DR

An open redirect vulnerability in Liferay Portal and DXP allows attackers to manipulate the /c/portal/edit_info_item parameter to redirect users to malicious websites. This affects Liferay Portal 7.4.3.86-7.4.3.131 and multiple DXP versions from 2024.Q1.1 through 2024.Q3.9. Users of affected versions who click on manipulated links are at risk.

💻 Affected Systems

Products:

Liferay Portal
Liferay DXP

Versions: Liferay Portal 7.4.3.86 through 7.4.3.131; Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 86 through update 92

Operating Systems: Any OS running Liferay

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users are redirected to phishing sites that steal credentials or deliver malware, leading to account compromise, data theft, or ransomware infection.

🟠

Likely Case

Attackers use the redirect for phishing campaigns, tricking users into entering credentials on fake login pages or downloading malicious files.

🟢

If Mitigated

With proper user awareness training and URL validation controls, impact is limited to failed phishing attempts with minimal damage.

🌐 Internet-Facing: HIGH - Public-facing Liferay instances allow attackers to craft malicious URLs that can be distributed via email or social engineering.

🏢 Internal Only: MEDIUM - Internal users could still be targeted via internal phishing, but attack surface is smaller than internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (clicking a link) and knowledge of the vulnerable parameter. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Liferay Portal 7.4.3.132+; Liferay DXP 2024.Q3.10+, 2024.Q2.14+, 2024.Q1.13+, 7.4 update 93+

Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767

Restart Required: No

Instructions:

1. Download the appropriate patch from Liferay's customer portal. 2. Apply the patch according to Liferay's patching documentation. 3. Verify the fix by testing the redirect functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement a servlet filter or security rule to validate and sanitize redirect URLs in the edit_info_item parameter.

Implement custom filter in web.xml or use security framework rules

WAF Rule

all

Configure Web Application Firewall to block requests containing suspicious redirect parameters.

Add WAF rule: Block requests with 'redirect' parameter containing external domains

🧯 If You Can't Patch

Implement strict URL validation in application code to only allow relative URLs or trusted domains in redirect parameters.
Deploy network-level controls to block outbound connections to untrusted domains from Liferay servers.

🔍 How to Verify

Check if Vulnerable:

Test by accessing /c/portal/edit_info_item?redirect=http://evil.com and checking if redirect occurs. Use a test domain you control.

Check Version:

Check Liferay version via Control Panel → Configuration → Server Administration → System Information

Verify Fix Applied:

After patching, test the same redirect attempt - it should either be blocked or sanitized to a safe URL.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /c/portal/edit_info_item with external URLs in redirect parameter
Unusual redirect patterns in access logs

Network Indicators:

Outbound connections from Liferay server to suspicious domains following redirects

SIEM Query:

source="liferay-logs" AND uri="/c/portal/edit_info_item" AND query="*redirect=*"

📊 Metadata

CVE ID: CVE-2025-43767

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-601

EPSS Score: 0.03% exploit probability (9.1th percentile)

Published: August 23, 2025

Last Updated: December 12, 2025

🔗 References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43767 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-43767, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Digital Experience Platform by Liferay

Liferay Portal by Liferay

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Input Validation Filter

WAF Rule

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities