CVE-2025-46011

Medium CVSS: 6.5

Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.

Vendor

Product

CWE

Yayın Tarihi

2025-06-04 20:15:23

Güncelleme

2025-10-15 17:54:53

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Listmonk MEDIUM Nadh 2025

https://github.com/kevinroleke/security/tree/main/CVE-2025-46011 https://github.com/knadh/listmonk/commit/4b805f885b9f5a20126ec06f8b59dc448c4af33b https://github.com/knadh/listmonk/issues/2412 https://github.com/knadh/listmonk/releases/tag/v4.1.0 https://github.com/knadh/listmonk/releases/tag/v5.0.0

Medium

CVE-2026-21483

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged use…

High

CVE-2025-58430

listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every…

Critical

CVE-2025-49136

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to versi…