CVE Catalog
CVE-2025-56422
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.85%
54th percentile - higher than 54% of all known CVEs
Summary
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
Risk Assessment
An attacker can take control of the server, leading to compromise of confidentiality, integrity, and availability of data and the system.
Recommendation
Immediately update LimeSurvey to version 6.15.0+250623 or later.
Original NVD description (English source)
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.

