CVE-2025-43785 is a stored cross-site scripting (XSS) vulnerability affecting multiple versions of Liferay Portal and Liferay DXP, specifically versions 7.4.3.45 through 7.4.3.128, and various 2024 Q1 and Q2 releases. The vulnerability arises due to improper neutralization of input during web page generation (CWE-79), allowing remote attackers to inject and execute arbitrary web scripts or HTML code within the context of the My Workflow Tasks page. This flaw enables an attacker to persist malicious scripts that execute whenever a legitimate user accesses the affected page, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 4.0 base score is 4.6 (medium severity), reflecting that the vulnerability can be exploited remotely over the network without authentication but requires high privileges and user interaction. The impact on confidentiality and integrity is low, with no direct impact on availability. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that remediation may still be pending or in progress. The vulnerability is significant because Liferay Portal is widely used as an enterprise web platform for content management and collaboration, making this a vector for attackers to compromise business workflows and user accounts if exploited.

For European organizations using Liferay Portal or Liferay DXP, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data accessed via the My Workflow Tasks page. Attackers exploiting this XSS flaw could execute malicious scripts to steal session cookies, perform unauthorized actions, or deliver further malware payloads. This could lead to data breaches, unauthorized access to sensitive business processes, and erosion of trust in enterprise applications. Given that Liferay is often used in sectors such as government, finance, and healthcare across Europe, exploitation could disrupt critical workflows and expose personal or confidential information. However, the requirement for high privileges and user interaction somewhat limits the attack surface, reducing the likelihood of widespread automated exploitation. Still, targeted attacks against privileged users or administrators could have significant consequences.

European organizations should prioritize the following mitigation steps: 1) Monitor Liferay's official channels for security patches addressing CVE-2025-43785 and apply updates promptly once available. 2) Implement strict input validation and output encoding on all user-supplied data, especially within the My Workflow Tasks page, to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. 4) Limit user privileges to the minimum necessary, reducing the number of users with high privileges who can be targeted. 5) Educate users about the risks of interacting with suspicious links or content within the portal. 6) Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including XSS. 7) Consider deploying web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting Liferay components. These measures collectively reduce the risk of exploitation until official patches are applied.