Unchecked Input for Loop Condition

CVE-2025-43801

Medium

6.9/10

Summary

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions and Liferay Portal Impl versions through 100.0.1, allows remote attackers to perform a Denial-of-Service (DoS) attacks via a crafted XML-RPC request.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-606 - Unchecked Input for Loop Condition

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Sep 16, 2025

Unchecked Input for Loop Condition

CVE-2025-43801

Summary

CWE-606 - Unchecked Input for Loop Condition

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS