CVE-2025-46093

Critical CVSS 9.9

Overview

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

CWE: CWE-732 Published: 2025-08-04T23:15:28.077

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.9 (CRITICAL)
Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags