PatchSiren cyber security CVE debrief
CVE-2025-56421 LimeSurvey CVE debrief
CVE-2025-56421 is a SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710. This vulnerability allows a remote attacker to obtain sensitive information from the database. The CVE record was published on 2026-03-10T18:17:58.753Z and has not been modified since then. Users of LimeSurvey before v.6.15.4+250710 should apply the patch to prevent potential SQL injection attacks. The vulnerability has a CVSS score of 7.5 with a HIGH severity.
- Vendor
- LimeSurvey
- Product
- LimeSurvey
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-07-05
Who should care
Users of LimeSurvey before v.6.15.4+250710 should apply the patch to prevent potential SQL injection attacks. This includes operators, administrators, and security teams responsible for managing and securing LimeSurvey installations. Affected deployments should be identified and prioritized for patching to prevent potential SQL injection attacks.
Technical summary
The vulnerability exists in LimeSurvey before v.6.15.4+250710 and is classified as a SQL Injection vulnerability. This allows a remote attacker to obtain sensitive information from the database. The CVSS score is 7.5 with a HIGH severity. Users should review and apply the patch to prevent potential SQL injection attacks. The CVE record and NVD detail provide evidence of the vulnerability and its potential impact.
Defensive priority
High priority should be given to patching LimeSurvey installations before v.6.15.4+250710 to prevent potential SQL injection attacks. This is due to the high severity of the vulnerability and the potential impact on sensitive information in the database.
Recommended defensive actions
- Apply the patch to LimeSurvey installations before v.6.15.4+250710
- Review and update LimeSurvey to the latest version
- Monitor for potential SQL injection attacks
Evidence notes
The CVE record and NVD detail provide evidence of the vulnerability and its potential impact. Users should review and apply the patch to prevent potential SQL injection attacks. The evidence is based on the supplied source corpus and defensive context. The vulnerability has a CVSS score of 7.5 with a HIGH severity, indicating a high level of severity.
Official resources
-
CVE-2025-56421 CVE record
CVE.org
-
CVE-2025-56421 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-10T18:17:58.753Z and has not been modified since then.