Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

LiquidFiles

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-46093
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.19%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-07 Aug, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

Action-Not Available
Vendor-liquidfilesLiquidFiles
Product-liquidfilesLiquidFiles
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-46094
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.8||LOW
EPSS-0.08% / 23.79%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-07 Aug, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.

Action-Not Available
Vendor-liquidfilesLiquidFiles
Product-liquidfilesLiquidFiles
CWE ID-CWE-24
Path Traversal: '../filedir'
CVE-2023-4393
Assigner-The Missing Link Australia (TML)
ShareView Details
Assigner-The Missing Link Australia (TML)
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 52.56%
||
7 Day CHG~0.00%
Published-29 Oct, 2023 | 23:13
Updated-25 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML and SMTP Injection in LiquidFiles

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

Action-Not Available
Vendor-liquidfilesLiquidFiles Pty Ltd
Product-liquidfilesLiquidFiles
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-147
Improper Neutralization of Input Terminators
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')