CVE-2025-43767 is an Open Redirect vulnerability (CWE-601) identified in multiple versions of the Liferay Portal product, specifically versions 7.4.3.86 through 7.4.3.131, and various 2024 quarterly releases of Liferay DXP (2024.Q1.1 through 2024.Q3.9) as well as 7.4 updates 86 through 92. The vulnerability exists in the /c/portal/edit_info_item endpoint's redirect parameter, which improperly handles URL redirection. An attacker can craft a malicious URL that leverages this parameter to redirect users to an untrusted, potentially malicious external site. This type of vulnerability is commonly exploited in phishing attacks, where users are tricked into clicking seemingly legitimate links that lead to harmful websites, potentially resulting in credential theft, malware installation, or other social engineering exploits. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector details show that the attack requires no privileges (PR:N), no authentication (AT:N), but does require user interaction (UI:A). The vulnerability impacts confidentiality and integrity to a limited extent (VC:L, VI:L), with no impact on availability. No known exploits are currently reported in the wild, and no patches are linked in the provided data, suggesting that remediation may still be pending or available through vendor updates. Given the widespread use of Liferay Portal in enterprise environments, this vulnerability poses a risk primarily through social engineering and redirection to malicious sites, rather than direct system compromise.

For European organizations, the impact of this vulnerability can be significant in terms of user trust and potential data compromise through phishing campaigns. Liferay Portal is widely used in various sectors including government, education, and private enterprises across Europe, often serving as a central platform for intranet portals, content management, and collaboration. Successful exploitation could lead to users being redirected to malicious sites designed to harvest credentials or distribute malware, potentially resulting in unauthorized access to sensitive systems or data breaches. This could damage organizational reputation, lead to regulatory non-compliance under GDPR if personal data is compromised, and increase the risk of subsequent attacks leveraging stolen credentials. While the vulnerability itself does not allow direct system takeover, the indirect consequences through social engineering and credential theft can be severe. The requirement for user interaction means that user awareness and training are critical components of risk mitigation.

Organizations should prioritize updating Liferay Portal to the latest patched versions as soon as they become available from the vendor to address this vulnerability. In the absence of immediate patches, administrators can implement strict input validation and URL whitelisting on the redirect parameters to prevent redirection to untrusted domains. Web Application Firewalls (WAFs) can be configured to detect and block suspicious redirect attempts. Additionally, organizations should enhance user awareness training focusing on phishing risks and the dangers of clicking on unexpected links, especially those involving redirects. Monitoring web server logs for unusual redirect patterns can help detect exploitation attempts. Employing multi-factor authentication (MFA) can mitigate the impact of credential theft resulting from phishing. Finally, organizations should review and tighten their portal's security policies and consider implementing Content Security Policy (CSP) headers to reduce the risk of malicious content execution.