
CVE-2025-43775: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal

Medium
Tags: Vulnerability, CVE-2025-43775, CWE-79
Published: Tue Sep 09 2025 (09/09/2025, 18:12:50 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote app title field.

AI-Powered Analysis

Last updated: 09/09/2025, 18:17:37 UTC

Technical Analysis

CVE-2025-43775 is a stored cross-site scripting (XSS) vulnerability identified in Liferay Portal versions 7.4.0 through 7.4.3.128 and in multiple versions of Liferay DXP from 2024.Q1.1 through 2024.Q3.5. The vulnerability arises from improper neutralization of input during web page generation, specifically in the remote app title field. A value submitted in that field is stored by the portal and later rendered into pages without adequate encoding, so any script or HTML it contains executes in the browsers of users who view the affected pages. The flaw is classified under CWE-79 (improper neutralization of input during web page generation). The CVSS 4.0 base score is 4.6, a medium severity. The vector shows that the attack is reachable over the network (AV:N) but requires an account with high privileges (PR:H), such as one permitted to edit remote app titles; it requires user interaction (UI:A), and its impact on the confidentiality and integrity of the vulnerable system is low (VC:L, VI:L), with no availability impact. The impact on subsequent systems is limited to low confidentiality (SC:L), and there is no safety impact. No known exploits are currently reported in the wild, and no patches or mitigation links are provided yet. Because the payload is stored, a single malicious title can persist and execute for every user who views the content where it is rendered, potentially leading to session hijacking, defacement, or redirection to malicious sites.

Potential Impact

For European organizations using Liferay Portal or Liferay DXP, this vulnerability poses a risk of client-side attacks that can compromise user sessions, steal sensitive information, or perform unauthorized actions on behalf of users. Given that Liferay is widely used in enterprise intranets, government portals, and public-facing websites across Europe, exploitation could lead to data leakage, reputational damage, and regulatory non-compliance under GDPR if personal data is exposed. The medium severity score reflects moderate risk; however, the requirement for user interaction and some privilege level reduces the likelihood of widespread automated exploitation. Still, targeted attacks against high-value portals, such as government services, educational institutions, or large enterprises, could have significant operational and trust impacts. The stored nature of the XSS means that once injected, the malicious payload persists and can affect multiple users over time until remediated.

Mitigation Recommendations

European organizations should prioritize the following mitigations:

1) Immediate review and sanitization of all user-supplied input fields, especially the remote app title field, using robust server-side encoding and validation libraries to neutralize scripts.
2) Deploy Content Security Policy (CSP) headers to restrict execution of unauthorized scripts and reduce the impact of XSS payloads.
3) Implement strict input validation and output encoding consistent with OWASP guidelines for all web applications using Liferay Portal.
4) Monitor portal logs and user reports for suspicious activity indicative of XSS exploitation attempts.
5) Restrict privileges for users who can submit or modify remote app titles to minimize the attack surface.
6) Engage with Liferay support or security advisories for patches or updates addressing this vulnerability and apply them promptly once available.
7) Conduct security awareness training for portal administrators and users to recognize and report suspicious content.
8) Consider deploying web application firewalls (WAFs) with custom rules to detect and block XSS payload patterns targeting the portal.
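As an added illustration of mitigations 1, 2 and 4 above (this is not Liferay code and not part of the advisory; the wrapper markup, the CSP policy, the audit-log format and all function names are constructed for this example), the block below shows the vulnerable rendering pattern beside its output-encoded form, builds a nonce-based Content-Security-Policy header, and runs a simple triage check over sample title-update log lines:

```python
import html
import re

# Constructed sample titles, as an administrator might enter them in the
# remote app title field. The third one is a textbook probe string used
# only to check that rendering neutralizes it.
SAMPLE_TITLES = [
    "Expense Reports",
    "R&D <Beta>",
    '<script>alert("xss")</script>',
]


def render_title_unsafe(title: str) -> str:
    """Vulnerable pattern (CWE-79): the stored title is concatenated into the
    page as-is, so any markup in it becomes part of the document."""
    return f'<h2 class="remote-app-title">{title}</h2>'


def render_title_safe(title: str) -> str:
    """Hardened pattern: HTML-entity encode at the point of output. With
    quote=True, '<', '>', '&', '"' and "'" are all encoded, which is the
    correct encoder for HTML text and quoted-attribute contexts."""
    return f'<h2 class="remote-app-title">{html.escape(title, quote=True)}</h2>'


def encoded_inner_text(rendered: str) -> str:
    """Return what sits between the wrapper tags so a check can confirm that
    no raw angle bracket from the title survived encoding."""
    prefix, suffix = '<h2 class="remote-app-title">', "</h2>"
    assert rendered.startswith(prefix) and rendered.endswith(suffix)
    return rendered[len(prefix):-len(suffix)]


def csp_header(nonce: str) -> tuple[str, str]:
    """Mitigation 2: a Content-Security-Policy that only runs same-origin
    scripts and inline scripts carrying the per-response nonce, so an
    injected <script> block without the nonce is refused by the browser.
    The nonce must be unpredictable and regenerated for every response."""
    value = (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'"
    )
    return ("Content-Security-Policy", value)


# Mitigation 4: a hypothetical audit-log format (constructed here; not
# Liferay's own log layout) with one title-update event per line.
SAMPLE_AUDIT_LOG = [
    '2025-09-10T08:01:12Z user=admin action=remote_app.update title="Expense Reports"',
    '2025-09-10T08:03:44Z user=admin action=remote_app.update title="<script>alert(1)</script>"',
    '2025-09-10T08:05:01Z user=editor action=page.view path=/web/guest/home',
]

TITLE_UPDATE = re.compile(r'action=remote_app\.update\b.*?\btitle="([^"]*)"')
# Markup that has no business in a plain-text title: tag openers,
# inline event handlers and javascript: URLs.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|\bon\w+\s*=|javascript:", re.I)


def flag_suspicious_title_updates(lines: list[str]) -> list[str]:
    """Return the title values from update events that contain markup,
    for triage by the portal's security team."""
    return [
        m.group(1)
        for line in lines
        if (m := TITLE_UPDATE.search(line)) and SUSPICIOUS.search(m.group(1))
    ]


if __name__ == "__main__":
    for title in SAMPLE_TITLES:
        print("unsafe:", render_title_unsafe(title))
        print("safe:  ", render_title_safe(title))
    print(csp_header("r4nd0mN0nc3"))
    print("flagged:", flag_suspicious_title_updates(SAMPLE_AUDIT_LOG))
```

Two caveats a practitioner should keep in mind: `html.escape` is the right encoder only for HTML text and quoted-attribute contexts, so a title that is also emitted into a JavaScript string or a URL needs that context's own encoder; and the log heuristic deliberately flags anything that looks like a tag opener, so benign titles such as "R&D <Beta>" will surface for review rather than be silently passed.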


Technical Details

Data Version
5.1
Assigner Short Name
Liferay
Date Reserved
2025-04-17T10:55:28.238Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68c06f24349e966b172a6669

Added to database: 9/9/2025, 6:17:08 PM

Last enriched: 9/9/2025, 6:17:37 PM

Last updated: 9/10/2025, 12:36:45 AM

