CVE-2025-46093

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-46093
Type cve
Published 2025-08-04T00:00:00.000Z
Modified 2025-08-04T22:25:21.372Z

Product Information

Vendor LiquidFiles
Product LiquidFiles
Version 0

CVSS Information

Base Score 9.9 (CRITICAL)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Analysis

AI Description LiquidFiles before 4.1.2 allows FTPDrop users to execute arbitrary code as root via FTP SITE CHMOD and Actionscript features. This is a critical vulnerability due to its potential impact on system security.
AI Severity High
AI Vendor LiquidFiles
AI Product LiquidFiles
AI Version before 4.1.2

Affected Products

  • LiquidFiles LiquidFiles 0

Additional Information

CWE List CWE-732
Source mitre

Description

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.