CVE-2025-41375

Critical CVSS: 9.3

SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.

Vendor

Limesurvey

Product

Limesurvey

CWE

CWE-89

Yayın Tarihi

2025-08-01 13:15:27

Güncelleme

2026-01-30 21:45:13

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-89 Limesurvey CRITICAL Limesurvey 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey

Benzer Kayıtlar

High

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive informatio…

Critical

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code o…

Medium

CVE-2020-36993

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administr…

Medium

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly.…

Medium

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Th…

Medium

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed ses…