liquidfiles CVE Vulnerabilities & Metrics

Focus on liquidfiles vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About liquidfiles Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with liquidfiles. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total liquidfiles CVEs: 7
Earliest CVE date: 25 Nov 2020, 03:15 UTC
Latest CVE date: 04 Aug 2025, 23:15 UTC

Latest CVE reference: CVE-2025-46094

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical liquidfiles CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.61

Max CVSS: 9.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	1
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS liquidfiles CVEs

These are the five CVEs with the highest CVSS scores for liquidfiles, sorted by severity first and recency.

CVE-2021-43397 liquidfiles Published on 11 Nov 2021, 05:15 UTC (CVSS: 9.0)
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVE-2020-29071 liquidfiles Published on 25 Nov 2020, 03:15 UTC (CVSS: 8.5)
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
CVE-2020-29072 liquidfiles Published on 25 Nov 2020, 03:15 UTC (CVSS: 4.3)
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.
CVE-2021-30140 liquidfiles Published on 06 Apr 2021, 16:15 UTC (CVSS: 3.5)
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.
CVE-2025-46094 liquidfiles Published on 04 Aug 2025, 23:15 UTC (CVSS: 0)
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.

All CVEs for liquidfiles

CVE-2025-46094 liquidfiles vulnerability CVSS: 0 04 Aug 2025, 23:15 UTC

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.

CVE-2025-46093 liquidfiles vulnerability CVSS: 0 04 Aug 2025, 23:15 UTC

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

CVE-2023-4393 liquidfiles vulnerability CVSS: 0 30 Oct 2023, 00:15 UTC

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

CVE-2021-43397 liquidfiles vulnerability CVSS: 9.0 11 Nov 2021, 05:15 UTC

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.

CVE-2021-30140 liquidfiles vulnerability CVSS: 3.5 06 Apr 2021, 16:15 UTC

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.

CVE-2020-29072 liquidfiles vulnerability CVSS: 4.3 25 Nov 2020, 03:15 UTC

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.

CVE-2020-29071 liquidfiles vulnerability CVSS: 8.5 25 Nov 2020, 03:15 UTC

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.