← back
CVE-2025-46093

CVE-2025-46093

CVSS 9.9 CRITICALEPSS 0.5%CWE-732
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
LiquidFiles · LiquidFiles

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.liquidfiles.com/release_notes/version_4-1-x.htmlhttps://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4eahttps://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/