CVE-2025-43750 is a medium severity vulnerability affecting multiple versions of Liferay Portal and Liferay DXP, specifically versions 7.4.0 through 7.4.3.132 and various 2024 and 2025 quarterly releases of Liferay DXP. The vulnerability is classified under CWE-434, which relates to the unrestricted upload of files with dangerous types. The core issue is that unauthenticated remote attackers (guests) can upload files through the form attachment field without proper validation. This lack of validation allows attackers to bypass MIME type checks and use extension obfuscation techniques to upload potentially malicious files. Because the upload mechanism does not adequately verify the file type or extension, attackers can upload files that may contain executable code or scripts, which could then be used to compromise the server or escalate privileges. The vulnerability does not require any authentication or privileges, making it accessible to any remote user. The CVSS 4.0 base score is 5.1, indicating a medium severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:A). The impact on confidentiality and integrity is low, but there is some impact on availability and scope is limited. No known exploits are currently reported in the wild, and no official patches are linked yet. This vulnerability poses a risk primarily through the potential for remote code execution or unauthorized file storage, which could lead to further exploitation if combined with other vulnerabilities or misconfigurations.

For European organizations using Liferay Portal or Liferay DXP, this vulnerability could lead to unauthorized file uploads by unauthenticated attackers, potentially enabling webshell deployment or malicious script execution. This could compromise the confidentiality and integrity of sensitive data managed by the portal, disrupt service availability, and damage organizational reputation. Since Liferay is widely used for enterprise content management, intranet portals, and customer-facing websites, exploitation could affect business continuity and regulatory compliance, especially under GDPR where data protection is critical. The ability for unauthenticated users to upload files increases the risk of automated attacks and exploitation by opportunistic threat actors. Organizations in sectors such as finance, healthcare, government, and telecommunications, which often use Liferay for critical applications, may face increased risk of data breaches or service disruption. The medium severity rating suggests that while the vulnerability is serious, exploitation requires some user interaction (e.g., an attacker convincing a user to trigger the malicious file), which may limit immediate impact but still warrants prompt attention.

European organizations should implement the following specific mitigations: 1) Immediately review and restrict file upload permissions on Liferay portals, disabling guest uploads where not strictly necessary. 2) Apply strict server-side validation of uploaded files, including MIME type verification, file extension whitelisting, and content inspection to detect obfuscated or malicious files. 3) Employ web application firewalls (WAFs) with rules designed to detect and block suspicious file upload patterns and extension obfuscation attempts. 4) Monitor file upload directories for unauthorized or unexpected files and implement automated alerts for anomalous activity. 5) Restrict execution permissions on directories used for file uploads to prevent execution of uploaded scripts or binaries. 6) Keep Liferay Portal and DXP installations updated and monitor vendor advisories for official patches or hotfixes addressing this vulnerability. 7) Conduct regular security assessments and penetration testing focused on file upload functionalities. 8) Educate administrators and users about the risks of file uploads and enforce least privilege principles to minimize exposure.