CVE-2025-56132
Published: 30 September 2025
Summary
CVE-2025-56132 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in the LiquidFiles filetransfer server (vendor: LiquidFiles). Its CVSS 3.1 base score is 7.3 (High).
It ranks in the top 14.6% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
LiquidFiles filetransfer server contains a user enumeration vulnerability in its password reset functionality: the application returns distinguishable responses for valid and invalid email addresses. All versions prior to 4.2 are affected and rely solely on basic IP-based rate limiting; version 4.2 adds user-based lockout mechanisms against brute force, although user enumeration remains possible under default settings. The issue is tracked as CWE-305 with a CVSS 3.1 score of 7.3.
Unauthenticated attackers can exploit the flaw by submitting password reset requests for candidate addresses and comparing each response with the response for a known-unregistered address, confirming which accounts exist. The IP-based controls present before version 4.2 can be bypassed by distributing requests across multiple IPs or proxies, enabling enumeration at scale that facilitates follow-on attacks such as password spraying.
Release notes for version 4.2 document the addition of user-level lockout protections, though enumeration remains possible under default settings. A lockout throttles guessing but does not remove the oracle; only a response that is indistinguishable (same status, body and timing) whether or not the address is registered does, and the lockout state itself must not be observable either, or it becomes a second oracle. The EPSS score rose from a low baseline to a peak of 0.0783 on 2026-02-03 before receding to the current value of 0.0241, meaning the predicted probability of exploitation increased for a period after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31771
Vulnerability details
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, but user enumeration remains possible by default. In versions prior to 4.2, no such user-level protection is in place; only basic IP-based rate limiting is enforced. This IP-based protection can be bypassed by distributing requests across multiple IPs (e.g., rotating IPs or proxies), effectively bypassing both the login and the password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered with the application, increasing the risk of follow-up attacks such as password spraying.
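The oracle and the rate-limit bypass described under Deeper analysis and in the vulnerability details above, as an added illustration written for this page (it is not LiquidFiles code; the account list, proxy addresses, thresholds, message texts and class names are constructed assumptions). `VulnerableReset` reproduces the pre-4.2 pattern (a per-IP limit only, with different replies for registered and unregistered addresses), `enumerate_accounts` is the attacker's probe that rotates source IPs, and `HardenedReset` shows the fix a practitioner would actually want: an identical reply regardless of account existence or lockout state, with the counter keyed on the submitted address so that IP rotation does not reset it.

```python
"""Password-reset user-enumeration oracle and a hardened counterpart.

Added illustration, not LiquidFiles code: the account list, proxy
addresses, limits and response texts are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from itertools import cycle

# Constructed sample data; the IPs are from the RFC 5737 documentation range.
REGISTERED = {"alice@example.com", "bob@example.com"}
CANDIDATES = ["carol@example.com", "dave@example.com", "alice@example.com",
              "erin@example.com", "bob@example.com", "frank@example.com"]
PROXY_IPS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]


@dataclass(frozen=True)
class Response:
    status: int
    body: str


class Counter:
    """Minimal fixed-window hit counter keyed by IP address or account."""

    def __init__(self, limit: int):
        self.limit = limit
        self.hits = defaultdict(int)

    def allow(self, key: str) -> bool:
        self.hits[key] += 1
        return self.hits[key] <= self.limit


class VulnerableReset:
    """Pre-4.2 pattern: a per-IP limit only, and the reply reveals existence."""

    def __init__(self, ip_limit: int = 3):
        self.ip_counter = Counter(ip_limit)

    def reset(self, email: str, source_ip: str) -> Response:
        if not self.ip_counter.allow(source_ip):
            return Response(429, "Too many requests from your address.")
        if email in REGISTERED:
            return Response(200, "A password reset link has been sent.")
        return Response(404, "No account with that email address.")


class HardenedReset:
    """Uniform reply plus a per-account counter keyed on the submitted
    address, so neither existence nor lockout state is observable and
    rotating source IPs does not reset the account counter."""

    UNIFORM = "If that address is registered, a reset link has been sent."

    def __init__(self, ip_limit: int = 3, account_limit: int = 2):
        self.ip_counter = Counter(ip_limit)
        self.account_counter = Counter(account_limit)
        self.mails_sent: list[str] = []   # stands in for the mail queue

    def reset(self, email: str, source_ip: str) -> Response:
        ip_ok = self.ip_counter.allow(source_ip)
        # Count against the normalised address whether or not it exists, so
        # a throttled real account and a throttled fake one look the same.
        acct_ok = self.account_counter.allow(email.strip().lower())
        if ip_ok and acct_ok and email in REGISTERED:
            # In a real application, enqueue the mail asynchronously so the
            # registered-address branch adds no measurable response time.
            self.mails_sent.append(email)
        return Response(200, self.UNIFORM)


def enumerate_accounts(endpoint, candidates, proxy_ips):
    """Attacker's view: compare each candidate's reply with the reply for a
    certainly-unregistered address, rotating source IPs across proxies.
    Returns (confirmed accounts, candidates the rate limiter blocked)."""
    ips = cycle(proxy_ips)
    baseline = endpoint.reset("nobody@example.invalid", next(ips))
    found, throttled = [], []
    for email in candidates:
        resp = endpoint.reset(email, next(ips))
        if resp.status == 429:
            throttled.append(email)   # the limiter, not the account, decided
        elif resp != baseline:
            found.append(email)       # distinguishable reply: account exists
    return found, throttled


if __name__ == "__main__":
    print("vulnerable, one IP  :", enumerate_accounts(VulnerableReset(), CANDIDATES, PROXY_IPS[:1]))
    print("vulnerable, rotating:", enumerate_accounts(VulnerableReset(), CANDIDATES, PROXY_IPS))
    print("hardened,   rotating:", enumerate_accounts(HardenedReset(), CANDIDATES, PROXY_IPS))
```

Run stand-alone, the block prints three results: the single-IP probe against the vulnerable handler is throttled before it reaches either registered address, the rotating probe against the same handler recovers both, and the rotating probe against the hardened handler recovers nothing. Two details carry the hardened version: the account counter is incremented for unregistered addresses too, so a throttled real account cannot be told apart from a throttled fake one, and the reply is fixed before any mail is sent, so the remaining risk is the timing of the mail itself, which must be moved off the request path.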
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.