User Enumeration Vulnerability in LiquidFiles File Transfer Server
CVE-2025-56132

7.3 HIGH

Key Information:

Vendor
CVE Published:
30 September 2025

What is CVE-2025-56132?

The password reset functionality of the LiquidFiles File Transfer Server returns inconsistent responses for valid and invalid email addresses. This flaw allows unauthenticated attackers to identify existing user accounts, significantly increasing the risk of follow-up attacks. Version 4.2 introduces user-based lockout mechanisms to better protect against brute-force attacks, but user enumeration remains a concern by default, and earlier versions are left without sufficient protection. Prior to 4.2, basic IP-based rate limiting offered minimal security, since it can easily be circumvented through the use of multiple IP addresses or proxies. Such exploits endanger the integrity of user accounts by facilitating the enumeration of valid email addresses.
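The description above says per-IP rate limiting is sidestepped when requests come from many addresses. The following is an added detection example, not LiquidFiles code and not part of the advisory: it compares a per-IP counter with a count of distinct email addresses submitted to the reset form across all sources. The event layout `(time, source_ip, email)`, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window


def build_sample():
    """Constructed events: (time, source_ip, email submitted to the reset form)."""
    t0 = datetime(2025, 9, 30, 12, 0, 0)
    # One address per request, each from a different source (RFC 5737 test range).
    spread = [(t0 + timedelta(seconds=10 * i), f"203.0.113.{i + 1}",
               f"user{i}@example.com") for i in range(20)]
    # A legitimate user retrying their own reset from a single address.
    normal = [(t0 + timedelta(seconds=35), "198.51.100.7", "alice@example.com"),
              (t0 + timedelta(seconds=95), "198.51.100.7", "alice@example.com")]
    return sorted(spread + normal)


def per_ip_offenders(events, limit):
    """Source IPs with more than `limit` reset requests inside any WINDOW."""
    recent, offenders = defaultdict(deque), set()
    for ts, ip, _email in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > limit:
            offenders.add(ip)
    return offenders


def distinct_target_alerts(events, limit):
    """Times at which more than `limit` distinct emails were submitted
    within WINDOW, counted across all source addresses."""
    recent, alerts = deque(), []
    for ts, _ip, email in events:
        recent.append((ts, email))
        while ts - recent[0][0] > WINDOW:
            recent.popleft()
        if len({e for _, e in recent}) > limit:
            alerts.append(ts)
    return alerts


if __name__ == "__main__":
    events = build_sample()
    print("per-IP offenders:", per_ip_offenders(events, limit=5))
    print("global alerts:", distinct_target_alerts(events, limit=10))
```

On the constructed data the per-IP counter flags nothing, while the distinct-target counter fires once the eleventh different address has been submitted.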

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
