CVE Catalog

CVE-2025-56422

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.85%

54th percentile - higher than 54% of all known CVEs

Summary

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.

Risk Assessment

An attacker can take control of the server, leading to compromise of confidentiality, integrity, and availability of data and the system.

Recommendation

Immediately update LimeSurvey to version 6.15.0+250623 or later.

Original NVD description (English source)

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS