CVE-2025-43814
📋 TL;DR
This vulnerability allows remote authenticated users to view password reminder answers through audit event logs in affected Liferay versions. It affects Liferay Portal 7.4.0 through 7.4.3.112 and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92. Attackers could use this information to reset passwords or gain unauthorized access.
💻 Affected Systems
- Liferay Portal
- Liferay DXP
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain password reminder answers, reset user passwords, gain unauthorized access to sensitive systems, and potentially escalate privileges to compromise the entire Liferay instance.
Likely Case
Authenticated attackers access password reminder answers for targeted users, potentially enabling account takeover through password reset mechanisms.
If Mitigated
With proper access controls and monitoring, impact is limited to information disclosure without enabling successful account takeover.
🎯 Exploit Status
Requires authenticated user access. Exploitation involves accessing audit event logs where password reminder answers are recorded.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Liferay Portal 7.4.3.113+, Liferay DXP 2023.Q4.9+, 2023.Q3.11+, 7.4 update 93+
Vendor Advisory: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43814
Restart Required: No
Instructions:
1. Download the appropriate fix pack from Liferay's customer portal.
2. Apply the fix pack following Liferay's update documentation.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Disable audit logging for password reminder answers
Configure audit logging to exclude password reminder answer fields from being recorded.
Navigate to Control Panel > Configuration > Audit. Modify the audit configuration to exclude password reminder answer fields.
Restrict audit event access
Limit which authenticated users can access audit event logs through role-based permissions.
Navigate to Control Panel > Users > Roles. Modify role permissions to restrict access to audit events.
🧯 If You Can't Patch
- Implement strict access controls to limit who can view audit events
- Monitor audit logs for unusual access patterns to password reminder answer fields
🔍 How to Verify
Check if Vulnerable:
Check if password reminder answers appear in audit event logs for user password-related actions.
Check Version:
Check Liferay version in Control Panel > Server Administration > Properties or via server logs.
Verify Fix Applied:
After patching, verify that password reminder answers no longer appear in audit event logs.
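The version check above can be automated once the version string has been read from Server Administration > Properties. The following is an added example, not Liferay's own tooling: it encodes the affected ranges exactly as the advisory lists them and classifies a version string as inside or outside those ranges. It assumes the version formats "7.4.3.112" (Portal) and "2023.Q4.8" (DXP quarterly); the "7.4 GA through update 92" line is deliberately not handled because the advisory does not state how that line's version string is written.

```python
import re

# Affected ranges as the advisory lists them (inclusive on both ends).
PORTAL_AFFECTED = ((7, 4, 0, 0), (7, 4, 3, 112))   # 7.4.0 through 7.4.3.112; fixed in 7.4.3.113
DXP_QUARTERLY_AFFECTED = {
    "2023.Q4": (0, 8),    # 2023.Q4.0 through 2023.Q4.8; fixed in 2023.Q4.9
    "2023.Q3": (1, 10),   # 2023.Q3.1 through 2023.Q3.10; fixed in 2023.Q3.11
}

# Assumed version-string shapes: dotted numeric (3 or 4 parts) for Portal,
# "<year>.Q<n>.<patch>" for DXP quarterly releases.
PORTAL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$")
QUARTERLY_RE = re.compile(r"^(\d{4}\.Q[1-4])\.(\d+)$")


def is_vulnerable(version: str) -> bool:
    """Return True when the version string falls inside an affected range."""
    m = PORTAL_RE.match(version)
    if m:
        # "7.4.0" becomes (7, 4, 0, 0) so tuple comparison works uniformly.
        parts = tuple(int(x or 0) for x in m.groups())
        low, high = PORTAL_AFFECTED
        return low <= parts <= high

    m = QUARTERLY_RE.match(version)
    if m:
        line, patch = m.group(1), int(m.group(2))
        if line not in DXP_QUARTERLY_AFFECTED:
            return False  # quarterly line not named by the advisory
        low, high = DXP_QUARTERLY_AFFECTED[line]
        return low <= patch <= high

    raise ValueError(f"unrecognised Liferay version string: {version!r}")


if __name__ == "__main__":
    for v in ("7.4.3.112", "7.4.3.113", "2023.Q4.8", "2023.Q4.9", "2023.Q3.11"):
        print(v, "vulnerable" if is_vulnerable(v) else "not in affected range")
```

A version the advisory does not list (an older 7.3 build, or a later quarterly line) is reported as "not in affected range" for this CVE only; that says nothing about other issues in those builds.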
📡 Detection & Monitoring
Log Indicators:
- Audit log entries containing password reminder answer text
- Multiple audit log accesses by a single user in a short timeframe
Network Indicators:
- Increased requests to audit event APIs
- Patterns of accessing user password-related audit events
SIEM Query:
source="liferay" AND (event_type="audit" AND message CONTAINS "password reminder answer")
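The two log indicators above (reminder answer text present in an audit message, and one user reading many audit events in a short window) can be checked outside a SIEM as well. The following is an added example and not part of the advisory or of Liferay: it runs both checks over a constructed log excerpt. The line format `<ISO timestamp> user=<id> event=<type> msg=<text>` and the event name `audit.view` are assumptions for the example; the field name `reminderQueryAnswer` is assumed to be how the User attribute may appear in an audit message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the format is an assumption for this example, not Liferay's audit output.
SAMPLE_LOG = """\
2025-06-01T10:00:01 user=20101 event=audit.view msg=viewed audit event 551
2025-06-01T10:00:03 user=20101 event=audit.view msg=viewed audit event 552
2025-06-01T10:00:05 user=20101 event=audit.view msg=viewed audit event 553
2025-06-01T10:00:06 user=20101 event=audit.view msg=viewed audit event 554
2025-06-01T10:00:09 user=20101 event=audit.view msg=viewed audit event 555
2025-06-01T10:00:10 user=20101 event=audit.view msg=viewed audit event 556
2025-06-01T10:05:00 user=20307 event=user.update msg=password reminder answer=fluffy
2025-06-01T11:00:00 user=20422 event=audit.view msg=viewed audit event 560
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\d+) event=(?P<event>\S+) msg=(?P<msg>.*)$")
# "password reminder answer" is the advisory's wording; "reminderQueryAnswer" is an assumed field name.
ANSWER_RE = re.compile(r"password reminder answer|reminderQueryAnswer", re.IGNORECASE)
AUDIT_VIEW_EVENT = "audit.view"  # assumed event type for "a user viewed an audit event"


def parse_log(text):
    """Parse log text into dicts with a datetime 'ts'; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def find_answer_leaks(text):
    """Indicator 1: audit messages that carry reminder answer text."""
    return [e for e in parse_log(text) if ANSWER_RE.search(e["msg"])]


def find_burst_access(text, window=timedelta(seconds=60), threshold=5):
    """Indicator 2: users with >= threshold audit-view events inside any sliding window.

    Returns {user_id: largest number of views seen within one window}.
    """
    per_user = defaultdict(list)
    for e in parse_log(text):
        if e["event"] == AUDIT_VIEW_EVENT:
            per_user[e["user"]].append(e["ts"])

    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    for e in find_answer_leaks(SAMPLE_LOG):
        print("reminder answer recorded in audit log:", e["ts"], "user", e["user"])
    for user, count in find_burst_access(SAMPLE_LOG).items():
        print(f"user {user} viewed {count} audit events within one 60s window")
```

Tune `window` and `threshold` to the baseline rate at which administrators legitimately browse audit events on the instance; the answer-text check needs no tuning and should fire zero times once the patch or the audit-field exclusion workaround is in place.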