CVE-2025-43746

unknown

Published 2025-08-20 · Modified 2025-08-29

CVSS v3

—

CVSS v2

—

VIR risk

—

Description

Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
Maven	com.liferay.portal:release.portal.bom	`>=7.4.0-ga1,<=7.4.3.132-ga132`
Maven	ccom.liferay:com.liferay.dynamic.data.mapping.web	`<5.0.122`	`5.0.122`

References

Verify integrity in audit chain (admin only). AS-IS.