CVE-2025-46093

CRITICAL

9.9

Beschreibung

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

CVE Details

CVSS v3.1 Bewertung9.9

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht8/4/2025

Zuletzt geandert8/7/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

liquidfiles:liquidfiles

Schwachen (CWE)

CWE-732

Referenzen

https://docs.liquidfiles.com/release_notes/version_4-1-x.html(cve@mitre.org)

https://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4ea(cve@mitre.org)

https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/(cve@mitre.org)

https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.