CVE-2025-43805
📋 TL;DR
This vulnerability allows remote attackers to view display page templates in Liferay Portal/DXP without proper authorization checks. Attackers can exploit this by crafting specific URLs to access templates they shouldn't have permission to view. Affected systems include Liferay Portal 7.3.0-7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1-2023.Q3.4, 7.4 GA-update 92, and 7.3 GA-update 35.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive display page templates containing configuration data, business logic details, or proprietary template designs, potentially enabling further attacks or intellectual property theft.
Likely Case
Unauthorized viewing of display page templates, which may reveal internal structure, custom configurations, or template metadata that could aid in reconnaissance for other attacks.
If Mitigated
Limited exposure of non-sensitive template information with minimal operational impact if proper network segmentation and access controls are in place.
🎯 Exploit Status
Exploitation requires crafting specific URLs but does not require authentication. Attackers need to know or guess template identifiers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.112+, Liferay DXP 2023.Q4.1+, 2023.Q3.5+, 7.4 update 93+, 7.3 update 36+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43805
Restart Required: No
Instructions:
1. Backup your Liferay instance. 2. Apply the appropriate patch from Liferay's customer portal. 3. Verify the patch was applied successfully. 4. Test functionality to ensure no regression.
🔧 Temporary Workarounds
Network Access Restriction
allRestrict access to Liferay administration interfaces and template management URLs to authorized users only using network controls.
Web Application Firewall Rules
allImplement WAF rules to block requests to display page template endpoints from unauthorized sources.
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to Liferay instances
- Monitor access logs for unusual template viewing patterns and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check your Liferay version against affected ranges. Attempt to access display page templates via crafted URLs without proper permissions.Check Version:
Check Liferay Control Panel → Server Administration → Properties → liferay.versionVerify Fix Applied:
After patching, verify the version is updated and test that unauthorized users cannot access display page templates via URL manipulation.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to display page template endpoints
- Failed authorization attempts followed by successful template access
Network Indicators:
- HTTP requests to template endpoints from unexpected sources
- Patterns of URL manipulation attempts
SIEM Query:
source="liferay-logs" AND (uri CONTAINS "/display-page-template" OR uri CONTAINS "/template/") AND response_code=200 AND user_role!="admin"