CVE-2025-43814: CWE-201 Insertion of Sensitive Information Into Sent Data in Liferay Portal
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user's password reminder answer, which allows remote authenticated users to obtain a user's password reminder answer via the audit events.
AI Analysis
Technical Summary
CVE-2025-43814 affects Liferay Portal 7.4.0 through 7.4.3.112 (and older unsupported versions) and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 (and older unsupported versions). It is classified as CWE-201, insertion of sensitive information into sent data: the audit events that Liferay generates for user account activity record the user's password reminder answer in readable form, and that answer is then returned to anyone who can read the audit events, whether through the Audit application in the Control Panel or through any system the audit data is exported to.

The CVSS 4.0 base score is 6.9 (medium). The vector is network-reachable (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but it requires high privileges (PR:H): the attacker must be an authenticated user whose roles allow viewing audit events, not an arbitrary logged-in user. The impact is to confidentiality only (VC:H); integrity and availability are unaffected. No exploitation in the wild has been reported, and no patch link is attached to this record. The listed ranges, however, end at 7.4.3.112, 2023.Q4.8, 2023.Q3.10 and 7.4 update 92, which implies that the fix is in the next release of each line; confirm this against Liferay's own advisory before relying on it.

The root cause is a failure to exclude an authentication secret from audit data. Audit logs exist for monitoring and forensics; they are retained for long periods and routinely copied to SIEMs, archives and backups, so a secret written into them is exposed for far longer, and to far more systems, than the value was ever meant to be. A reminder answer obtained this way can be used directly wherever the reminder question is honoured as a recovery factor (in Liferay, the forgot-password flow can ask it) or as raw material for social engineering against the user.
Potential Impact
For European organizations running Liferay Portal or DXP, the practical risk is account takeover. An authenticated user with rights to view audit events, or an attacker who has compromised such an account, can read the reminder answers recorded for other users, including other administrators, and use them wherever the reminder question is honoured: in Liferay that can be the forgot-password flow, and, where the same answer is reused, at other services as well. A reminder answer is personal data and often reveals further personal facts (a mother's maiden name, a first school), so its exposure can also be a GDPR incident that requires assessment and possibly notification.

Sectors that rely on Liferay for customer portals or intranets, such as finance, healthcare, government and critical infrastructure, are exposed in proportion to how widely audit viewing is granted and how far audit data travels. Audit events are routinely forwarded to SIEMs, exported for compliance and kept in backups, and each of those becomes another copy of the secret, frequently with weaker access control than the portal itself. The medium rating reflects the PR:H precondition; the high confidentiality impact, the breadth of affected versions and the long retention of audit data are why it still warrants prompt remediation. The absence of known exploitation is only short-term comfort, because the data is already sitting in the audit records of every affected deployment.
Mitigation Recommendations
Upgrade first: move each affected line to a release beyond the listed ranges (above 7.4.3.112, 2023.Q4.8, 2023.Q3.10 and 7.4 update 92) as published in Liferay's advisory, and verify after the upgrade that newly generated audit events for a reminder change no longer contain the answer. Upgrading stops new leakage but does not remove answers already recorded, so treat every reminder answer present in existing audit data as compromised: identify the affected users from the stored events, purge or redact the offending records in the audit store and in every downstream copy (SIEM, log archives, backups), and have those users set a new reminder question and answer, or disable reminder queries altogether if they are not needed (the users.reminder.queries.enabled portal property controls the feature; check your portal.properties).

In the meantime, restrict who can view audit events to the smallest set of trusted administrators and review the role assignments that grant it; PR:H means this permission is the attack surface. Monitor access to the audit application for unusual volume or for browsing of other users' records. If the platform allows it, filter or redact reminder-related attributes before audit events are persisted or forwarded rather than disabling auditing, which would remove the very records needed to investigate. Reduce reliance on reminder answers as a recovery factor: enable multi-factor authentication and prefer recovery methods that do not depend on a memorable secret. Finally, keep incident response plans current so that any detected access to leaked answers triggers resets for the affected accounts.
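The redaction and triage that the Technical Summary and the Mitigation Recommendations call for, as an added example that is not part of this advisory or of Liferay's code: it takes audit events exported one JSON object per line, redacts any reminder-answer (and, defensively, password) attribute found inside the additionalInfo field, and returns the classPK of every user whose answer was found so those accounts can be reset. The record layout, the attribute name reminderQueryAnswer and the sample rows are constructed approximations of Liferay audit data and must be checked against a real export before use.

```python
"""Find and redact password-reminder answers in exported Liferay audit events.

Added example for this advisory, not Liferay code. It assumes audit events
exported one JSON object per line, with changed attributes serialized in an
"additionalInfo" field. The record layout, the attribute name
"reminderQueryAnswer" and the sample rows are constructed approximations.
"""
import json
import re

# Attribute names whose values must never sit in an audit trail. The advisory
# is about the reminder answer; "password" is covered as a defensive extra.
SENSITIVE_NAME = re.compile(r"reminder.*answer|passw(?:or)?d", re.IGNORECASE)
REDACTED = "[REDACTED]"


def redact(obj):
    """Recursively redact sensitive values in parsed additionalInfo.

    Handles plain maps ({"reminderQueryAnswer": "..."}) and attribute-change
    records ({"name": ..., "oldValue": ..., "newValue": ...}).
    Returns (cleaned_obj, hit); hit is True if anything was redacted.
    """
    if isinstance(obj, dict):
        name = obj.get("name")
        if isinstance(name, str) and SENSITIVE_NAME.search(name):
            return ({k: (REDACTED if k in ("oldValue", "newValue", "value") else v)
                     for k, v in obj.items()}, True)
        out, hit = {}, False
        for k, v in obj.items():
            if SENSITIVE_NAME.search(k):
                out[k], hit = REDACTED, True
            else:
                out[k], sub = redact(v)
                hit = hit or sub
        return out, hit
    if isinstance(obj, list):
        items = [redact(v) for v in obj]
        return [i[0] for i in items], any(i[1] for i in items)
    return obj, False


def redact_event(event):
    """Return (copy of one audit event with additionalInfo redacted, hit)."""
    out = dict(event)
    info = out.get("additionalInfo")
    if isinstance(info, str):  # database exports usually hold a JSON string
        try:
            parsed = json.loads(info)
        except json.JSONDecodeError:
            # Free text that even names a sensitive attribute is dropped whole.
            if SENSITIVE_NAME.search(info):
                out["additionalInfo"] = REDACTED
                return out, True
            return out, False
        cleaned, hit = redact(parsed)
        if hit:
            out["additionalInfo"] = json.dumps(cleaned, sort_keys=True)
        return out, hit
    if info is not None:
        cleaned, hit = redact(info)
        out["additionalInfo"] = cleaned
        return out, hit
    return out, False


def scan_export(jsonl_text):
    """Redact a whole JSONL export.

    Returns (redacted JSONL, set of classPK values whose reminder answer was
    found): those are the accounts whose answer must be treated as compromised.
    """
    lines, exposed = [], set()
    for line in jsonl_text.splitlines():
        if line.strip():
            event = json.loads(line)
            cleaned, hit = redact_event(event)
            if hit:
                exposed.add(event.get("classPK"))
            lines.append(json.dumps(cleaned, sort_keys=True))
    return "\n".join(lines), exposed


def _attr(name, old, new):
    return {"name": name, "oldValue": old, "newValue": new}


# Constructed sample export: three events, one of which leaks a reminder answer.
USER = "com.liferay.portal.kernel.model.User"
SAMPLE_EXPORT = "\n".join(json.dumps(e) for e in [
    {"auditEventId": 1, "eventType": "UPDATE", "className": USER, "classPK": 20123,
     "additionalInfo": json.dumps({"attributes": [
         _attr("reminderQueryQuestion", "first-pet", "mothers-maiden-name"),
         _attr("reminderQueryAnswer", "", "s3cret-answer")]})},
    {"auditEventId": 2, "eventType": "UPDATE", "className": USER, "classPK": 20456,
     "additionalInfo": json.dumps({"attributes": [
         _attr("emailAddress", "a@example.com", "b@example.com")]})},
    {"auditEventId": 3, "eventType": "LOGIN", "className": USER, "classPK": 20789,
     "additionalInfo": None},
])

if __name__ == "__main__":
    cleaned, exposed = scan_export(SAMPLE_EXPORT)
    print(cleaned)
    print("users whose reminder answer was exposed:", sorted(exposed))
```

The redacted output is what should go back into whatever ingests the trail (SIEM, archive), and the same purge has to be applied to backups; the exposed set, rather than the redaction itself, is what drives user notification and reminder resets. The reminder question is left in place because the advisory concerns the answer; extend SENSITIVE_NAME if your policy treats the question as sensitive too.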
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Liferay
- Date Reserved: 2025-04-17T10:55:35.683Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d1d6fd72b9f38792d8c740
Added to database: 9/22/2025, 11:08:45 PM
Last enriched: 9/22/2025, 11:09:07 PM
Last updated: 9/23/2025, 12:32:41 AM