CVE-2025-46093 · HIGH 8.8 · EPSS p38.7%

Description

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.7% · 2026-06-19T12:03:05Z
Published: 2025-08-04
Last modified: 2025-08-07

Underlying weaknesses · 1

CWE-732

References

  1. https://docs.liquidfiles.com/release_notes/version_4-1-x.html
  2. https://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4ea
  3. https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/

Type: Weakness · Target: Incorrect Permission Assignment for Critical Resource (cwe-732) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-46001
CVE: CVE-2025-41735
CVE: CVE-2025-63994
CVE: CVE-2025-62630
CVE: CVE-2026-21628
CVE: CVE-2026-9645
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.