Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2025-08-20 13:15
Updated : 2025-08-20 14:39
NVD link : CVE-2025-43749
Mitre link : CVE-2025-43749
CVE.ORG link : CVE-2025-43749
JSON object : View
Products Affected
No product.
CWE
CWE-552
Files or Directories Accessible to External Parties