CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-43798

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.3%

CVSS Severity

CVSS v3 Score 6.5

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43798

Products affected by CVE-2025-43798

Liferay » Digital Experience Platform » Version: 2023.q3.1

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1
Liferay » Digital Experience Platform » Version: 2023.q3.2

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2
Liferay » Digital Experience Platform » Version: 2023.q3.3

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3
Liferay » Digital Experience Platform » Version: 2023.q3.4

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4
Liferay » Digital Experience Platform » Version: 2023.q4.0

cpe:2.3:a:liferay:digital_experience_platform:2023.q4.0
Liferay » Digital Experience Platform » Version: 7.3

cpe:2.3:a:liferay:digital_experience_platform:7.3
Liferay » Digital Experience Platform » Version: 7.4

cpe:2.3:a:liferay:digital_experience_platform:7.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-43798

Products

Pricing

Contact Us