Cybersecurity professionals recently uncovered a serious vulnerability in Liferay Portal. Tracked as CVE-2025-43796, it allows remote attackers to mount denial-of-service (DoS) attacks. This issue can significantly affect organizations that rely on the platform for their web applications.
Incident Overview
This vulnerability affects Liferay Portal versions 7.4.0 through 7.4.3.101 and Liferay DXP from 2023.Q3.0 to 2023.Q3.4. The core problem is that the application does not limit the number of objects returned by GraphQL queries. Because of this, an attacker can craft queries that consume excessive server resources when executed, leading to a DoS condition.
Impact on Server Administrators and Hosting Providers
For server admins and hosting providers, this vulnerability can lead to significant downtime and degraded service performance. Such conditions could result in revenue loss and damage to reputation. Given that many businesses depend on Liferay for their web applications, prompt action is imperative.
Mitigation Steps
- Upgrade to the latest version of Liferay Portal or DXP, which includes fixes for this vulnerability.
- Implement query limits in GraphQL to control the number of objects returned.
- Regularly monitor server logs for unusual activity, especially patterns indicative of a brute-force attack.
- Consider employing a web application firewall to add an extra layer of protection against such attacks.
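The second mitigation step, a server-side limit on GraphQL result sizes, is illustrated by the following added example. It is not Liferay code: the selection-tree format, the field names and the numeric limits are assumptions, and the point it adds is that nested list fields multiply, so a per-field pageSize cap needs a whole-query object budget alongside it.

```python
"""Worst-case object budget for a GraphQL query (added example, not Liferay code).
A per-field pageSize cap alone is not enough: nested list fields multiply the
objects a query can return. Tree format, names and limits are assumptions."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

DEFAULT_PAGE_SIZE = 20       # assumed default when the client sends none
MAX_PAGE_SIZE = 100          # assumed per-list cap, applied server-side
MAX_TOTAL_OBJECTS = 10_000   # assumed budget for the whole query

@dataclass
class Field:
    name: str
    page_size: Optional[int] = None   # set only on paginated list fields
    children: List["Field"] = field(default_factory=list)

def clamp_page_size(requested: Optional[int]) -> int:
    """Never trust the client's pageSize: default it, then cap it."""
    if requested is None or requested < 1:
        return DEFAULT_PAGE_SIZE
    return min(requested, MAX_PAGE_SIZE)

def worst_case_objects(sel: Field, parents: int = 1) -> int:
    """Upper bound on objects this subtree can materialise; `parents` is how
    many parent objects the field is resolved under, and a paginated list
    fans out by its clamped pageSize under each one."""
    if not sel.children:
        return 0                      # scalar leaf: no objects of its own
    fan_out = clamp_page_size(sel.page_size) if sel.page_size is not None else 1
    here = parents * fan_out
    return here + sum(worst_case_objects(c, here) for c in sel.children)

def check_query(root_fields: List[Field], budget: int = MAX_TOTAL_OBJECTS) -> Tuple[bool, int]:
    """Return (accepted, estimated_objects) for a query's top-level fields."""
    cost = sum(worst_case_objects(f, 1) for f in root_fields)
    return cost <= budget, cost

# Constructed queries: a normal page of posts with their comments, and an
# abusive one asking for a million items at both nesting levels.
BENIGN_QUERY = Field("blogPostings", 20, [Field("id"), Field("comments", 10, [Field("id")])])
ABUSIVE_QUERY = Field("blogPostings", 1_000_000,
                      [Field("id"), Field("comments", 1_000_000, [Field("id")])])

if __name__ == "__main__":
    for q in (BENIGN_QUERY, ABUSIVE_QUERY):
        print(q.name, check_query([q]))   # (True, 220) then (False, 10100)
```

Even after both pageSize values are clamped to 100, the abusive query still exceeds the budget (100 posts x 100 comments plus the posts themselves), which is why the whole-query estimate is checked before any resolver runs.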
It’s crucial to stay ahead of security threats. Strengthening server security not only protects your infrastructure but also builds trust with your users. To actively secure your systems and prevent future incidents, consider trying BitNinja’s free 7-day trial. Discover how our platform can enhance your server security through proactive measures.