CVE-2025-43765 is a stored cross-site scripting (XSS) vulnerability identified in Liferay Portal versions 7.4.0 through 7.4.3.131 and multiple versions of Liferay DXP from 2024.Q1.1 through 2024.Q4.0. This vulnerability arises due to improper neutralization of input during web page generation (CWE-79), allowing an unauthenticated remote attacker to inject malicious JavaScript code into text fields within web content. Because the injected script is stored persistently on the server, it can be executed in the browsers of users who view the affected content, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability does not require any authentication or user interaction to exploit, increasing its risk profile. The CVSS v4.0 base score is 6.9, indicating a medium severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality and integrity, but limited impact on availability. The vulnerability affects a widely used enterprise portal platform, which is often employed by organizations for intranet, extranet, and public-facing websites, making it a significant concern for organizations relying on Liferay Portal for their web infrastructure. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided yet, emphasizing the need for proactive defensive measures.

For European organizations, the impact of this vulnerability can be substantial, especially for those using Liferay Portal as a core component of their web presence or internal collaboration platforms. Exploitation could lead to unauthorized access to sensitive information, compromise of user accounts, and potential lateral movement within corporate networks if session tokens or credentials are stolen. Public-facing portals could be leveraged to deliver malicious payloads to a broad user base, damaging organizational reputation and trust. Additionally, regulatory frameworks such as GDPR impose strict requirements on data protection and breach notification, so exploitation could result in legal and financial consequences. The medium severity rating suggests that while the vulnerability is serious, it may not lead to full system compromise on its own, but combined with other vulnerabilities or misconfigurations, it could escalate risk. The lack of authentication requirement increases the attack surface, making it easier for attackers to target European organizations without needing insider access.

Organizations should immediately audit their Liferay Portal deployments to identify affected versions and restrict access to vulnerable instances where possible. Until official patches are released, implement web application firewall (WAF) rules to detect and block suspicious input patterns indicative of XSS attacks targeting Liferay. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. Review and sanitize all user-generated content inputs rigorously, applying server-side validation and encoding to neutralize potentially malicious scripts. Monitor logs for unusual activity or injection attempts. Educate users about the risks of clicking on unexpected links or interacting with suspicious content. Plan for timely patching once vendor updates become available. Additionally, consider isolating critical portal functions and limiting privileges to reduce potential damage from successful exploitation.