CVE-2025-43795: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in Liferay Portal
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect parameter. Open redirect vulnerability in the Instance Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect parameter. Open redirect vulnerability in the Site Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect parameter.
AI Analysis
Technical Summary
CVE-2025-43795 is an open redirect vulnerability (CWE-601) affecting multiple versions of Liferay Portal and Liferay DXP: 7.1.0 through 7.4.3.101, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35, as well as older unsupported versions. The flaw is present in three configuration areas of the portal: System Settings, Instance Settings, and Site Settings. Attackers can exploit it by manipulating the corresponding redirect parameter (_com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect, _com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect, and _com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect) so that the portal sends users to an arbitrary external URL. The redirect can be leveraged in phishing attacks or to bypass security controls, because a malicious link appears to originate from a trusted Liferay portal domain. No authentication or privileges are required, but user interaction is necessary to trigger the redirect. The CVSS 4.0 base score is 5.1 (medium severity): network attack vector, low attack complexity and no privileges required, offset by the need for user interaction and by low confidentiality and integrity impact. No exploits are currently reported in the wild. The vulnerability does not directly compromise system integrity or availability, but it poses a significant risk to user trust and can facilitate social engineering attacks.
Potential Impact
For European organizations using Liferay Portal or Liferay DXP, this vulnerability can undermine user trust and lead to successful phishing or social engineering campaigns. Attackers can craft URLs that appear to originate from legitimate corporate portals, redirecting users to malicious sites that may harvest credentials or deliver malware. This is particularly concerning for sectors with high reliance on Liferay for intranet portals, customer engagement platforms, or digital experience management, such as finance, government, healthcare, and telecommunications. The open redirect can also be used to bypass web filters or security gateways that whitelist the Liferay domain, increasing the risk of downstream compromise. While the vulnerability does not allow direct system compromise, the indirect effects through user deception can lead to data breaches or credential theft. Given the widespread use of Liferay in Europe, the impact can be significant if not mitigated promptly.
Mitigation Recommendations
European organizations should immediately audit their Liferay Portal and DXP installations to identify affected versions. Since no official patches are linked yet, temporary mitigations include:
1) Implement strict input validation and sanitization on the redirect parameters to ensure only internal or trusted URLs are allowed.
2) Configure web application firewalls (WAFs) to detect and block suspicious redirect parameter values or patterns indicative of open redirect attempts.
3) Educate users about the risks of clicking on unexpected links, especially those that redirect through corporate portals.
4) Monitor web server logs for unusual redirect parameter usage to detect potential exploitation attempts.
5) Plan for timely updates once official patches become available from Liferay.
Additionally, consider implementing Content Security Policy (CSP) headers to restrict navigation to trusted domains and employ multi-factor authentication to reduce the impact of credential theft stemming from phishing.
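As an added example (not code from this page or from Liferay), the following Python sketch implements recommendations 1 and 4 above: a same-site check for the three redirect parameters named in the advisory, and a scan of access-log lines for requests whose redirect target fails that check. The portal host name, the request path and the log lines are constructed for the example; the parameter names are the ones from the advisory.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed for this example: the portal's own host. Parameter names are from the advisory.
PORTAL_HOST = "portal.example.com"
REDIRECT_PARAMS = (
    "_com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect",
    "_com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect",
    "_com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect",
)

def is_safe_redirect(target: str, portal_host: str = PORTAL_HOST) -> bool:
    """Accept a URL-decoded redirect target only if it stays on the portal: a path
    starting with a single '/' or an http(s) URL whose host is exactly portal_host.
    Scheme-relative, backslash, userinfo-bearing and non-http targets are rejected."""
    if not target:
        return False
    # Browsers treat backslashes as slashes; normalise before parsing.
    target = target.strip().replace("\\", "/")
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    return parts.username is None and parts.hostname == portal_host

def flag_offsite_redirects(log_lines):
    """Return (parameter, target) pairs for combined-format access-log lines
    whose redirect parameter points off the portal."""
    findings = []
    for line in log_lines:
        fields = line.split('"')  # the request line is the first quoted field
        if len(fields) < 2 or len(fields[1].split()) < 2:
            continue
        query = parse_qs(urlsplit(fields[1].split()[1]).query)
        for name in REDIRECT_PARAMS:
            for value in query.get(name, []):
                if not is_safe_redirect(value):
                    findings.append((name, value))
    return findings

# Constructed access-log lines: one in-portal redirect, two off-site targets.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Sep/2025:20:22:50 +0000] "GET /web/guest/settings?'
    '_com_liferay_configuration_admin_web_portlet_SystemSettingsPortlet_redirect=%2Fweb%2Fguest%2Fhome HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Sep/2025:20:23:01 +0000] "GET /web/guest/settings?'
    '_com_liferay_site_admin_web_portlet_SiteSettingsPortlet_redirect=https%3A%2F%2Flogin.external.example.org%2F HTTP/1.1" 302 0',
    '10.0.0.9 - - [12/Sep/2025:20:23:05 +0000] "GET /web/guest/settings?'
    '_com_liferay_configuration_admin_web_portlet_InstanceSettingsPortlet_redirect=%2F%2Fexternal.example.org HTTP/1.1" 302 0',
]
```

Running `flag_offsite_redirects(SAMPLE_LOG)` returns the two off-site entries; the same check, applied to the decoded parameter value before the portal issues the redirect, is the validation step from recommendation 1.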
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Liferay
- Date Reserved: 2025-04-17T10:55:31.457Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c4811ab0d74f55ea9c84b9
Added to database: 9/12/2025, 8:22:50 PM
Last enriched: 9/12/2025, 8:25:57 PM
Last updated: 10/30/2025, 2:09:53 PM