PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-56421 LimeSurvey CVE debrief

CVE-2025-56421 is a SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710. This vulnerability allows a remote attacker to obtain sensitive information from the database. The CVE record was published on 2026-03-10T18:17:58.753Z and has not been modified since then. Users of LimeSurvey before v.6.15.4+250710 should apply the patch to prevent potential SQL injection attacks. The vulnerability has a CVSS score of 7.5 with a HIGH severity.

Vendor
LimeSurvey
Product
LimeSurvey
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-10
Original CVE updated
2026-07-05
Advisory published
2026-03-10
Advisory updated
2026-07-05

Who should care

Users of LimeSurvey before v.6.15.4+250710 should apply the patch to prevent potential SQL injection attacks. This includes operators, administrators, and security teams responsible for managing and securing LimeSurvey installations. Affected deployments should be identified and prioritized for patching to prevent potential SQL injection attacks.

Technical summary

The vulnerability exists in LimeSurvey before v.6.15.4+250710 and is classified as a SQL Injection vulnerability. This allows a remote attacker to obtain sensitive information from the database. The CVSS score is 7.5 with a HIGH severity. Users should review and apply the patch to prevent potential SQL injection attacks. The CVE record and NVD detail provide evidence of the vulnerability and its potential impact.

Defensive priority

High priority should be given to patching LimeSurvey installations before v.6.15.4+250710 to prevent potential SQL injection attacks. This is due to the high severity of the vulnerability and the potential impact on sensitive information in the database.

Recommended defensive actions

  • Apply the patch to LimeSurvey installations before v.6.15.4+250710
  • Review and update LimeSurvey to the latest version
  • Monitor for potential SQL injection attacks

Evidence notes

The CVE record and NVD detail provide evidence of the vulnerability and its potential impact. Users should review and apply the patch to prevent potential SQL injection attacks. The evidence is based on the supplied source corpus and defensive context. The vulnerability has a CVSS score of 7.5 with a HIGH severity, indicating a high level of severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-10T18:17:58.753Z and has not been modified since then.