CNNVD-202508-272 Information

Aug 04, 2025 cve

CNNVD ID

CNNVD-202508-272

CVE-2025-46093

  • CNNVD Published: 2025-08-04

Description (Chinese)

Liquidfiles是美国Liquidfiles公司的一个用于公司和组织的大型安全文件传输和共享的存储服务。 Liquidfiles 4.1.2之前版本存在安全漏洞,该漏洞源于可能导致FTPDrop用户利用Actionscript功能和sudoers配置以root权限执行任意代码。

Description (English)

Liquidfiles is a large, secure file transfer and shared storage service for companies and organizations of the United States company Liquidfiles. There was a security loophole in the previous version of Liquidfiles 4.1.2, which could result in FTPDrop users using actioncript and sudoers configuration to execute any code with root privileges.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Liquidfiles

Published

2025-08-04

Last Modified

2026-02-24

References

https://projectblack.io/blog/liquidfiles-vulnerability-authenticated-rce/ https://gist.github.com/nikolai0x/f61a8bfcdaa244e0c46931d74d10c4ea https://docs.liquidfiles.com/release_notes/version_4-1-x.html https://access.redhat.com/security/cve/cve-2025-46093

Patch

https://docs.liquidfiles.com/release_notes/version_4-2-x.html

Share on: