CVE-2025-43816: CWE-401 Missing Release of Memory after Effective Lifetime in Liferay Portal
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.
CVE-2025-43816: CWE-401 Missing Release of Memory after Effective Lifetime in Liferay Portal
Description
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API endpoint.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Liferay
- Date Reserved
- 2025-04-17T10:55:35.684Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68d5da079e21be37e937d058
Added to database: 9/26/2025, 12:10:47 AM
Last updated: 9/26/2025, 12:10:47 AM
Views: 1
Related Threats
CVE-2025-21056: CWE-20 Improper Input Validation in Samsung Mobile Retail Mode
MediumCVE-2025-59422: CWE-284: Improper Access Control in langgenius dify
MediumCVE-2025-10467: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System)
HighCVE-2025-59841: CWE-384: Session Fixation in FlagForgeCTF flagForge
CriticalCVE-2025-55557: n/a
UnknownActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.