exploitDog

CVE-2025-46093

Опубликовано: 04 авг. 2025

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

EPSS Низкий

Описание

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

Ссылки

https://docs.liquidfiles.com/release_notes/version_4-1-x.html
Release Notes
https://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4ea
Third Party Advisory
https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/
Exploit
Third Party Advisory
https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liquidfiles:liquidfiles:*:*:*:*:*:*:*:*

Версия до 4.1.2 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-x2r2-p764-47gc

CVSS3: 9.9

github

6 месяцев назад

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

EPSS

Процентиль: 25%

0.00085

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-732