LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

VulnCheck KEV: CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CVE-2023-4393

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...

EUVD-2020-21453

Malware in sbrugna...

EUVD-2020-21454

Malware in sbrugna...

EUVD-2021-17077

Malware in sbrugna...

Exploit for CVE-2025-56132

CVE-2025-56132 - LiquidFiles User Enumeration POC Vulnerab...

EUVD-2023-54257

Malicious code in bioql PyPI...

EUVD-2025-31771

Malicious code in bioql PyPI...

EUVD-2025-23563

Malicious code in bioql PyPI...

EUVD-2025-23554

Malicious code in bioql PyPI...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

Liquidfiles 安全漏洞

Liquidfiles is a storage service for large, secure file transfers and sharing for companies and organizations from US-based Liquidfiles, Inc. A security vulnerability exists in Liquidfiles versions prior to 4.2, which stems from the password reset feature returning distinguishable responses that...

CVE-2025-56132

LiquidFiles pre-4.2 is affected by a user-enumeration vulnerability in the password reset flow. Distinguishable responses to valid vs. invalid emails allow unauthenticated attackers to enumerate registered users. Upgrading to 4.2+ remedies this with user-based lockout and less informative errors;...

CVE-2025-56132

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2...

CVE-2025-46094

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...

CVE-2025-46093

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...