CVE-2025-43752: CWE-770 Allocation of Resources Without Limits or Throttling in Liferay Portal
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the object entries attachment fields; the files are stored in the document_library, allowing an attacker to cause a potential DDoS.
AI Analysis
Technical Summary
CVE-2025-43752 is a resource allocation vulnerability classified under CWE-770, affecting multiple versions of Liferay Portal and Liferay DXP, specifically versions 7.4.0 through 7.4.3.132 and various 2024 and 2025 quarterly releases. The vulnerability arises from the lack of limits or throttling on file uploads through object entries attachment fields. Attackers can exploit this by uploading an unlimited number of files, which are stored in the document_library component of the portal. This unchecked resource consumption can lead to denial of service (DoS) conditions by exhausting storage capacity or overwhelming system resources, effectively causing a potential distributed denial of service (DDoS) scenario. The vulnerability requires no authentication but does require user interaction (uploading files). The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability highlights a design flaw in resource management and input validation within Liferay Portal's file upload functionality, which could be leveraged to degrade service availability.
Potential Impact
For European organizations using Liferay Portal or Liferay DXP, this vulnerability poses a risk of service disruption through resource exhaustion. Organizations relying on Liferay for intranet portals, customer-facing websites, or document management may experience degraded performance or outages if attackers exploit this flaw to upload excessive files. This can impact business continuity, user experience, and potentially lead to reputational damage. Since Liferay is widely used in sectors such as government, education, and enterprise across Europe, the impact could be significant in environments where availability is critical. Additionally, the lack of authentication requirement lowers the barrier for exploitation, increasing risk exposure. However, the medium severity rating and absence of known exploits suggest the threat is moderate but warrants proactive mitigation to prevent potential denial of service attacks.
Mitigation Recommendations
European organizations should implement specific controls to mitigate this vulnerability beyond generic advice:
1) Enforce strict file upload limits at the application or web server level, such as maximum number of files, total upload size, and rate limiting per user or IP address.
2) Implement input validation and sanitization to restrict file types and sizes accepted by the object entries attachment fields.
3) Monitor document_library storage usage and set alerts for unusual spikes in file uploads or storage consumption.
4) Employ web application firewalls (WAFs) with custom rules to detect and block abnormal upload patterns targeting Liferay portals.
5) Isolate Liferay document storage on separate volumes with quotas to prevent system-wide resource exhaustion.
6) Regularly update Liferay Portal and DXP to the latest versions once patches addressing this vulnerability are released.
7) Educate users and administrators about the risk and encourage reporting of suspicious upload activity.
These targeted measures will help reduce the attack surface and improve resilience against exploitation of this resource exhaustion vulnerability.
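As an added illustration of recommendations 1) and 3) above (example code, not from the page or from Liferay), the following Python sketch implements a sliding-window upload quota keyed by user id or client IP, enforcing both a file-count and a total-byte cap, and runs it over constructed upload events; each rejection is also the signal a storage-spike alert would key on. All names, thresholds and sample events are assumptions.

```python
from collections import defaultdict, deque

# Hypothetical limits for attachment uploads to an object entry field (constructed values, not Liferay's).
MAX_FILES_PER_WINDOW = 5           # files one principal may upload per window
MAX_BYTES_PER_WINDOW = 10_000_000  # total bytes one principal may upload per window
WINDOW_SECONDS = 60

class UploadThrottle:
    """Sliding-window limiter keyed by principal (user id, or client IP for
    unauthenticated uploads). Tracks count and bytes of recent uploads."""
    def __init__(self, max_files=MAX_FILES_PER_WINDOW, max_bytes=MAX_BYTES_PER_WINDOW,
                 window=WINDOW_SECONDS):
        self.max_files, self.max_bytes, self.window = max_files, max_bytes, window
        self.history = defaultdict(deque)  # principal -> deque of (timestamp, size)

    def _prune(self, principal, now):
        q = self.history[principal]
        while q and now - q[0][0] >= self.window:  # drop uploads older than the window
            q.popleft()
        return q

    def allow(self, principal, size, now):
        """Return True and record the upload if it fits both caps, else False."""
        q = self._prune(principal, now)
        if len(q) + 1 > self.max_files or sum(s for _, s in q) + size > self.max_bytes:
            return False
        q.append((now, size))
        return True

# Constructed upload events: (timestamp_seconds, principal, size_bytes). Not real log data.
SAMPLE_EVENTS = [
    (0, "10.0.0.7", 1_000_000), (5, "10.0.0.7", 1_000_000), (10, "10.0.0.7", 1_000_000),
    (12, "10.0.0.7", 1_000_000), (15, "10.0.0.7", 1_000_000),
    (20, "10.0.0.7", 1_000_000),   # 6th file inside 60 s: exceeds the file-count cap
    (30, "alice", 9_000_000), (31, "alice", 2_000_000),  # 11 MB in window: exceeds byte cap
    (70, "10.0.0.7", 1_000_000),   # uploads at t=0..10 have aged out, so this is accepted
]

def evaluate(events, throttle=None):
    """Run events through the throttle; return (accepted, rejected) event lists."""
    throttle = throttle or UploadThrottle()
    accepted, rejected = [], []
    for ts, who, size in events:
        (accepted if throttle.allow(who, size, ts) else rejected).append((ts, who, size))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = evaluate(SAMPLE_EVENTS)
    print(f"accepted={len(ok)} rejected={len(bad)} rejected_events={bad}")
```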
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Liferay
- Date Reserved: 2025-04-17T10:55:24.865Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a7bab8ad5a09ad0019f01f
Added to database: 8/22/2025, 12:32:56 AM
Last enriched: 8/22/2025, 12:35:09 AM
Last updated: 8/22/2025, 5:17:58 AM