Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-56132

EPSS 2.62% · P86
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-56132

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, user enumeration remains possible by default. In versions prior to 4.2, no such user-level protection is in place, only basic IP-based rate limiting is enforced. This IP-based protection can be bypassed by distributing requests across multiple IPs (e.g., rotating IP or proxies). Effectively bypassing both login and password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered for the application, increasing the risk of follow-up attacks such as password spraying.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Liquidfiles 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Liquidfiles是美国Liquidfiles公司的一个用于公司和组织的大型安全文件传输和共享的存储服务。 Liquidfiles 4.2之前版本存在安全漏洞,该漏洞源于密码重置功能返回可区分响应,可能导致用户枚举攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-56132

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/fredericgoossens/CVE-2025-56132-LiquidfilesPOC Details
2LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-56132.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-56132

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-09-30 · 21 CVEs total

CVE-2025-111489.8 CRITICALcheck-branches 安全漏洞
CVE-2025-111497.5 HIGHnode-static 安全漏洞
CVE-2024-55017Corezoid Process Engine 安全漏洞
CVE-2025-56392Collegetivity 安全漏洞
CVE-2025-56513NiceHash QuickMiner 安全漏洞
CVE-2025-56200validator.js 安全漏洞
CVE-2025-57254Hospital Management System 安全漏洞
CVE-2025-56520dify 安全漏洞
CVE-2025-56207Money Making Opportunity 安全漏洞
CVE-2025-56572Finance.js 安全漏洞
CVE-2025-56018SourceCodester Web-based Pharmacy Product Management System 安全漏洞
CVE-2025-56571Finance.js 安全漏洞
CVE-2025-55797FormCMS 安全漏洞
CVE-2025-56676TitanSystems Zender 安全漏洞
CVE-2025-56301Rocket Chip Generator 安全漏洞
CVE-2025-28016PHPGurukul User Registration & Login and User Management System 安全漏洞
CVE-2025-52043ERPNext 安全漏洞
CVE-2025-52047ERPNext 安全漏洞
CVE-2025-52049ERPNext 安全漏洞
CVE-2025-52050Frappe Technologies Frappe 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-56132

No comments yet

Leave a comment