CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-43747

A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.4%

CVSS Severity

CVSS v3 Score 6.5

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43747

Products affected by CVE-2025-43747

Liferay » Digital Experience Platform » Version: 2025.q2.0

cpe:2.3:a:liferay:digital_experience_platform:2025.q2.0
Liferay » Digital Experience Platform » Version: 2025.q2.1

cpe:2.3:a:liferay:digital_experience_platform:2025.q2.1
Liferay » Digital Experience Platform » Version: 2025.q2.2

cpe:2.3:a:liferay:digital_experience_platform:2025.q2.2
Liferay » Digital Experience Platform » Version: 2025.q2.3

cpe:2.3:a:liferay:digital_experience_platform:2025.q2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-43747

Products

Pricing

Contact Us