CVE-2025-43793: CWE-1284 Improper Validation of Specified Quantity in Input in Liferay Portal
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that shares the same TLD to read cookies set by the application.
AI Analysis
Technical Summary
CVE-2025-43793 is a medium-severity vulnerability affecting multiple versions of Liferay Portal and Liferay DXP, including 7.4.0 through 7.4.3.105 and various older unsupported versions. The vulnerability arises from improper validation of a specified quantity in input, in this case the logic that identifies the subdomain part of a domain name. Because the application parses the subdomain incorrectly, it can set a 'supercookie': a cookie scoped so broadly that it is readable across multiple subdomains, or even across different domains that share the same top-level domain (TLD). A remote attacker who controls a website under the same TLD as the vulnerable Liferay instance can therefore read cookies set by the Liferay application, exposing session identifiers or other user data stored in cookies. The vulnerability requires no authentication or privileges and is reachable over the network; the CVSS vector records that user interaction is required. The CVSS 4.0 base score is 6.9 (medium): network attack vector, low attack complexity, no privileges required, user interaction required. The impact is on confidentiality through unauthorized cookie access, with no direct impact on integrity or availability. No exploits are currently reported in the wild, and no official patches are linked yet. The root cause is classified under CWE-1284 (Improper Validation of Specified Quantity in Input), here manifesting as incorrect domain parsing logic that enables cross-domain cookie access.
Potential Impact
For European organizations using Liferay Portal or Liferay DXP, this vulnerability poses a significant risk to user session confidentiality and data privacy. Since Liferay is widely used for enterprise portals, intranets, and customer-facing websites, unauthorized cookie access could lead to session hijacking, user impersonation, or leakage of sensitive information such as authentication tokens or personal data. This is particularly concerning under the GDPR framework, where unauthorized data exposure can lead to regulatory penalties and reputational damage. The ability for attackers to read cookies from domains sharing the same TLD means that organizations hosting multiple services under the same TLD or operating in multi-tenant environments could be at elevated risk. The vulnerability could also facilitate lateral movement or targeted attacks if attackers control malicious sites within the same TLD. Although no active exploitation is reported, the medium severity and ease of remote exploitation without privileges mean organizations should prioritize mitigation to protect user data and maintain compliance with European data protection laws.
Mitigation Recommendations
1. Immediate mitigation should include reviewing and restricting cookie scope by setting the 'Domain' attribute explicitly to the most restrictive domain possible, avoiding broad TLD-level cookie settings.
2. Implement the 'HttpOnly' and 'Secure' flags on cookies to reduce the risk of client-side script access and ensure cookies are only transmitted over HTTPS.
3. Monitor and audit web server and application logs for unusual cookie access patterns or cross-domain requests that could indicate exploitation attempts.
4. Segment web applications and services across different TLDs or subdomains where feasible to reduce the attack surface.
5. Apply any forthcoming official patches from Liferay promptly once available.
6. Conduct internal security assessments focusing on cookie handling and domain parsing logic within the Liferay environment.
7. Educate developers and administrators on secure cookie management practices and the risks of improper domain validation.
8. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious cross-domain cookie access attempts.
These steps go beyond generic advice by focusing on cookie scope management, domain segmentation, and proactive monitoring tailored to the nature of this vulnerability.
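The supercookie risk behind mitigation 1 comes down to how the registrable domain is computed from a host name. The following is an added example, not Liferay code: a naive "last two labels" rule, which yields a public suffix such as co.uk for a multi-label TLD, beside a public-suffix-aware check that rejects a Set-Cookie Domain attribute scoped above the site's registrable domain. The PUBLIC_SUFFIXES table and the sample host names are constructed assumptions standing in for the full Public Suffix List.

```python
from typing import Optional

# Assumed subset of the Public Suffix List (publicsuffix.org); an audit in
# production would load the full list instead of this hand-picked table.
PUBLIC_SUFFIXES = {"com", "org", "de", "eu", "uk", "co.uk", "ac.uk", "github.io"}


def naive_registrable_domain(host: str) -> str:
    """Buggy heuristic: assume the registrable domain is always the last two
    labels. For 'portal.example.co.uk' this returns 'co.uk', a public suffix,
    so a cookie scoped to it is readable by every site under co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def registrable_domain(host: str) -> Optional[str]:
    """Public-suffix-aware eTLD+1: longest matching public suffix plus one
    label. Returns None when the host is itself a public suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    # Unknown TLD: conservatively treat the last label as the suffix.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def cookie_domain_is_safe(host: str, cookie_domain: Optional[str]) -> bool:
    """True if a cookie with this Domain attribute stays within the issuing
    host's registrable domain. No Domain attribute means host-only: safe."""
    if cookie_domain is None:
        return True
    d = cookie_domain.lower().strip(".")
    h = host.lower().rstrip(".")
    reg = registrable_domain(h)
    if reg is None:
        return False
    within_host = h == d or h.endswith("." + d)   # Domain must cover host
    within_reg = d == reg or d.endswith("." + reg)  # and not exceed eTLD+1
    return within_host and within_reg


def audit_set_cookie(host: str, set_cookie: str) -> bool:
    """Extract the Domain attribute from a raw Set-Cookie value and check it."""
    domain = None
    for attr in set_cookie.split(";")[1:]:
        key, _, value = attr.strip().partition("=")
        if key.lower() == "domain":
            domain = value.strip()
    return cookie_domain_is_safe(host, domain)
```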
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Liferay
- Date Reserved: 2025-04-17T10:55:31.457Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c8332cc6fbfcc734e1fa6d
Added to database: 9/15/2025, 3:39:24 PM
Last enriched: 9/15/2025, 3:39:54 PM
Last updated: 9/15/2025, 6:41:55 PM
Related Threats
- CVE-2025-57118: n/a (High)
- CVE-2025-56274: n/a (Critical)
- CVE-2025-10480: Unrestricted Upload in SourceCodester Online Student File Management System (Medium)
- CVE-2025-57117: n/a (High)
- CVE-2025-43797: CWE-1188: Insecure Default Initialization of Resource in Liferay Portal (Medium)