{"id":70558,"date":"2025-09-20T01:31:39","date_gmt":"2025-09-19T22:01:39","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-43808-liferay-portal-commerce-virtual-product-information-disclosure\/"},"modified":"2025-09-20T01:31:39","modified_gmt":"2025-09-19T22:01:39","slug":"cve-2025-43808-liferay-portal-commerce-virtual-product-information-disclosure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-43808-liferay-portal-commerce-virtual-product-information-disclosure\/","title":{"rendered":"CVE-2025-43808 &#8211; Liferay Portal Commerce Virtual Product Information Disclosure"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-43808<br \/>\n<br \/>\n<strong>Published : <\/strong> Sept. 19, 2025, 8:37 p.m. | 27\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The Commerce component in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 6.9 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-43808 Published : Sept. 19, 2025, 8:37 p.m. | 27\u00a0minutes ago Description : The Commerce component in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions saves virtual products uploaded to Documents and Media &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-70558","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/70558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=70558"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/70558\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=70558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=70558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=70558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}