← back
CVE-2025-46093

CVE-2025-46093

CVSS 9.9 CRITICALEPSS 0.5%CWE-732
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.9EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
LiquidFiles · LiquidFiles

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.liquidfiles.com/release_notes/version_4-1-x.htmlhttps://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4eahttps://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/