CVE-2025-43819 is an Insufficient Session Expiration vulnerability (CWE-613) affecting multiple versions of the Liferay Portal and Liferay DXP products, specifically versions 7.4.3.121 through 7.3.3.131 and various 2024 quarterly releases of Liferay DXP. The vulnerability allows a remote attacker without authentication to reuse an old user session token via the Single Logout (SLO) API. This indicates that session tokens are not properly invalidated or expired after logout or session termination, enabling session replay attacks. The attacker can potentially hijack a valid user session by reusing stale session tokens, leading to unauthorized access to user accounts or sensitive information. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low attack complexity, no user interaction, but requiring some privileges (PR:L) and partial impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet. The vulnerability stems from improper session management and insufficient enforcement of session expiration policies in the SLO API implementation of Liferay Portal and DXP. This flaw could be exploited remotely without user interaction, making it a significant risk for organizations relying on Liferay for portal or digital experience management.

For European organizations using Liferay Portal or DXP, this vulnerability poses a risk of unauthorized access through session replay attacks. Attackers could gain access to user accounts, potentially exposing sensitive corporate data, internal communications, or customer information. This could lead to data breaches, compliance violations (e.g., GDPR), and reputational damage. Since Liferay is widely used in enterprise portals, intranet sites, and customer-facing platforms, exploitation could disrupt business operations and erode trust. The medium severity score suggests moderate impact, but the ease of remote exploitation without user interaction increases risk. Organizations in sectors with high regulatory scrutiny or handling sensitive personal data (finance, healthcare, government) are particularly vulnerable. Additionally, session hijacking could facilitate lateral movement within networks or privilege escalation if combined with other vulnerabilities.

Organizations should immediately review their Liferay Portal and DXP deployments to identify affected versions and prioritize upgrades to patched versions once available. In the absence of official patches, temporary mitigations include disabling or restricting access to the SLO API to trusted networks or authenticated users only. Implementing strict session timeout policies and monitoring session token usage for anomalies can help detect potential abuse. Employing Web Application Firewalls (WAFs) to detect and block suspicious session reuse attempts is advisable. Additionally, organizations should enforce multi-factor authentication (MFA) to reduce the impact of session hijacking. Regular security audits and penetration testing focusing on session management controls in Liferay environments will help identify residual risks. Finally, user education about secure logout practices and session handling can reduce exposure.