{"id":68497,"date":"2025-08-20T20:32:10","date_gmt":"2025-08-20T17:02:10","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-43748-liferay-portal-cross-site-request-forgery-csrf\/"},"modified":"2025-08-20T20:32:10","modified_gmt":"2025-08-20T17:02:10","slug":"cve-2025-43748-liferay-portal-cross-site-request-forgery-csrf","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-43748-liferay-portal-cross-site-request-forgery-csrf\/","title":{"rendered":"CVE-2025-43748 &#8211; Liferay Portal Cross-Site Request Forgery (CSRF)"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-43748<br \/>\n<br \/>\n<strong>Published : <\/strong> Aug. 20, 2025, 3:15 p.m. | 1\u00a0hour ago<br \/>\n<br \/>\n<strong>Description : <\/strong>Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to perform Cross-Site Request Forgery (CSRF) attacks.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 7.1 | HIGH<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-43748 Published : Aug. 20, 2025, 3:15 p.m. | 1\u00a0hour ago Description : Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-68497","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=68497"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68497\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=68497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=68497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=68497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}