CVE-2025-43786
📋 TL;DR
This vulnerability allows attackers to enumerate External Reference Codes (ERCs) in Liferay Portal/DXP by exploiting timing differences in server responses. Attackers can determine which ERCs exist in the application, potentially revealing sensitive information about object entries. Affected systems include Liferay Portal 7.4.0-7.4.3.128 and Liferay DXP 2024.Q3.0-2024.Q3.1, 2024.Q2.0-2024.Q2.13, 2024.Q1.1-2024.Q1.12, 2023.Q4.0, and 7.4 GA through update 92.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map all ERCs in the system, potentially revealing sensitive object metadata, internal structure, and facilitating further attacks by identifying valid targets.
Likely Case
Information disclosure allowing attackers to discover valid ERCs, which could be used for reconnaissance and planning subsequent attacks.
If Mitigated
Limited information leakage with no direct data exposure if proper network segmentation and access controls are implemented.
🎯 Exploit Status
Exploitation requires analyzing timing differences in server responses, which can be automated but requires multiple requests to enumerate ERCs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.129+, Liferay DXP 2024.Q3.2+, 2024.Q2.14+, 2024.Q1.13+, 2023.Q4.1+, 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786
Restart Required: No
Instructions:
1. Download the appropriate fix pack from Liferay's customer portal.
2. Apply the fix pack according to Liferay's deployment documentation.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Rate Limiting and WAF Rules
Implement rate limiting and web application firewall rules to detect and block repeated requests that show timing-analysis patterns.
🧯 If You Can't Patch
- Implement strict network access controls to limit access to Liferay instances only to authorized users.
- Deploy web application firewall with rules to detect timing-based enumeration attempts.
🔍 How to Verify
Check if Vulnerable:
Check your Liferay version against affected versions. If running affected versions, assume vulnerable.
Check Version:
Check Liferay Control Panel → Server Administration → Properties → liferay.version
Verify Fix Applied:
Verify the installed version is patched (7.4.3.129+ for Portal, appropriate fix pack for DXP). Test that timing differences for ERC requests are eliminated.
📡 Detection & Monitoring
Log Indicators:
- Multiple rapid requests to ERC endpoints with similar patterns
- Unusual timing analysis patterns in access logs
Network Indicators:
- Repeated requests to ERC endpoints with incremental or pattern-based parameters
- Unusual timing patterns in HTTP responses
SIEM Query:
source="liferay" AND (uri="*ERC*" OR uri="*external-reference*" OR uri="*object*entry*") AND count > 100 within 5min
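An added example, not part of this advisory or of Liferay's code, that applies the same rule as the SIEM query above (more than 100 ERC-related requests from one client within a 5-minute sliding window) to raw access-log lines. It assumes a Tomcat AccessLogValve-style log format; the log lines and the URI paths in them are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log format: Tomcat/Apache "common" style with a %d/%b/%Y:%H:%M:%S %z timestamp.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Same URI selectors as the SIEM query: *ERC*, *external-reference*, *object*entry*
ERC_URI_RE = re.compile(r'ERC|external-reference|object.*entry', re.IGNORECASE)

def parse_line(line):
    """Return (ip, timestamp, uri) or None if the line does not match the assumed format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('uri')

def find_enumeration(lines, threshold=100, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for clients whose ERC-related request count
    exceeds `threshold` inside any sliding window of length `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of ERC-related requests still in window
    peaks = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, uri = parsed
        if not ERC_URI_RE.search(uri):
            continue                 # not an object-entry / ERC endpoint, ignore
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # drop requests older than the window
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n > threshold}

def constructed_log(n_noisy=120, n_benign=10):
    """Constructed sample: one client walking sequential ERC values one second apart
    against an object-entry endpoint, one client browsing ordinary pages."""
    start = datetime(2025, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '%d/%b/%Y:%H:%M:%S %z'
    lines = []
    for i in range(n_noisy):
        ts = (start + timedelta(seconds=i)).strftime(fmt)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /o/c/objectentries/by-external-reference-code/ERC-{i:05d} HTTP/1.1" 404 312')
    for i in range(n_benign):
        ts = (start + timedelta(seconds=i * 7)).strftime(fmt)
        lines.append(f'198.51.100.5 - - [{ts}] "GET /web/guest/home HTTP/1.1" 200 5120')
    return lines

if __name__ == '__main__':
    print(find_enumeration(constructed_log()))   # {'203.0.113.7': 120}
```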