
CVE-2025-43799: CWE-1393: Use of Default Password in Liferay Portal

Severity: Medium
Tags: Vulnerability, CVE-2025-43799, CWE-1393
Published: Mon Sep 15 2025 (09/15/2025, 20:19:28 UTC)
Source: CVE Database V5
Vendor/Project: Liferay
Product: Portal

Description

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions do not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.

AI-Powered Analysis

Last updated: 09/15/2025, 20:27:15 UTC

Technical Analysis

CVE-2025-43799 is a medium-severity vulnerability affecting multiple versions of Liferay Portal and Liferay DXP, including Portal 7.4.0 through 7.4.3.111, DXP 7.4 GA through update 92, DXP 7.3 GA through update 35, and several 2023 quarterly releases (2023.Q4.0 and 2023.Q3.1 through 2023.Q3.4). The root cause is the use of default (initial) passwords combined with insufficient enforcement of the password change at first login: the affected versions do not restrict access to certain APIs before a user has changed their initial password. This allows remote unauthenticated attackers to access and modify content through the API endpoints without valid credentials or user interaction. The issue is classified as CWE-1393 (Use of Default Password), which covers default passwords that are neither changed nor enforced to be changed, leading to unauthorized access. The CVSS 4.0 base score is 6.9 (medium); the vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality and integrity (VC:L, VI:L). No exploit in the wild was known at the time of publication. What is at risk is the confidentiality and integrity of content managed through the Liferay Portal APIs, which an attacker could manipulate or exfiltrate. Because Liferay Portal is widely deployed as an enterprise content-management and collaboration platform, the flaw could be used to compromise organizational web portals and intranet sites.

Potential Impact

For European organizations, the impact of CVE-2025-43799 can be significant, especially where Liferay Portal supports critical business functions such as content management, internal communications, and customer engagement. Unauthorized API access could lead to content modification, data leakage, or defacement of public-facing websites, with consequences for reputation, regulatory compliance (for example GDPR violations if personal data is exposed), and business continuity. Because no authentication or user interaction is required, automated exploitation attempts are plausible, which raises the likelihood of widespread attacks. Organizations in government, finance, healthcare, and education, which frequently run Liferay portals, face heightened risk because of the sensitivity of their data and the criticality of their services. The vulnerability could also serve as an initial foothold for lateral movement within networks.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately audit their Liferay Portal and DXP deployments to identify affected versions. Since no official patches or updates are linked in the provided data, organizations should enforce the following measures:
1) Require users to change default passwords before any API access is granted, for example by disabling API access for an account until its password change is confirmed.
2) Restrict API access at the network level with firewalls or API gateways, limiting exposure to trusted IP ranges or VPNs.
3) Enable multi-factor authentication (MFA) for all user accounts, so that default credentials alone are not sufficient for access.
4) Monitor API usage logs for unusual or unauthorized access patterns, with alerting on suspicious activity.
5) Deploy web application firewalls (WAFs) with rules tailored to detect and block unauthorized API calls.
6) Follow Liferay support and security advisories and apply official patches as soon as they become available.
7) Train users on the importance of changing default passwords and on secure credential management.
These steps focus on access-control enforcement, network-level restrictions, and proactive monitoring tailored to this specific vulnerability.
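As an added example that is not Liferay's own code, the following implements measure 1 (an authorization gate that confines an account still on its initial password to the password-change endpoint) and measure 4 (an audit over constructed access-log lines that flags API use before the password change). The `must_change_password` flag, the `/api/` prefix, the `/api/me/password` endpoint and the log format are assumptions, not Liferay specifics.

```python
"""Added example, not Liferay's own code: an API gate (measure 1) and a log
audit (measure 4). Hypothetical assumptions: accounts carry a
`must_change_password` flag set at creation, APIs live under /api/, the
password-change endpoint is /api/me/password, and each access-log line is
"<timestamp> <user> <method> <path> <status>"."""
from dataclasses import dataclass
from typing import Dict, List

API_PREFIX = "/api/"
PASSWORD_CHANGE_PATH = "/api/me/password"  # hypothetical endpoint name

@dataclass
class User:
    name: str
    must_change_password: bool

def authorize(user: User, path: str) -> int:
    """Hardened check: while an account is still on its initial password it
    may reach only the password-change endpoint under /api/; every other
    API call is refused with 403. Non-API paths are left to normal rules."""
    if user.must_change_password and path.startswith(API_PREFIX):
        return 200 if path == PASSWORD_CHANGE_PATH else 403
    return 200

def flag_pre_change_api_use(log_lines: List[str], users: Dict[str, User]) -> List[str]:
    """Audit: return log lines where an account still flagged
    must_change_password got a 2xx on an API path other than the password
    change endpoint. Any hit means the gate above was absent or bypassed."""
    hits = []
    for line in log_lines:
        _ts, name, _method, path, status = line.split()
        user = users.get(name)
        if user is None or not user.must_change_password:
            continue
        if path.startswith(API_PREFIX) and path != PASSWORD_CHANGE_PATH and status.startswith("2"):
            hits.append(line)
    return hits

# Constructed sample data, not real accounts or logs.
USERS = {"new.hire": User("new.hire", True), "editor": User("editor", False)}
SAMPLE_LOG = [
    "2025-09-15T20:19:28Z new.hire GET /api/me/password 200",
    "2025-09-15T20:19:31Z new.hire PUT /api/content/articles/42 200",
    "2025-09-15T20:19:40Z editor PUT /api/content/articles/42 200",
    "2025-09-15T20:19:45Z new.hire GET /api/content/articles 403",
]

if __name__ == "__main__":
    for hit in flag_pre_change_api_use(SAMPLE_LOG, USERS):
        print("pre-change API use:", hit)
```

Run against real access logs, the audit should return nothing once the gate is in place; any hit identifies an account and request to investigate.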


Technical Details

Data Version: 5.1
Assigner Short Name: Liferay
Date Reserved: 2025-04-17T10:55:31.458Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c87688c684d8f83c917c6b

Added to database: 9/15/2025, 8:26:48 PM

Last enriched: 9/15/2025, 8:27:15 PM

Last updated: 9/15/2025, 10:41:25 PM
