Description

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.

Remediation

References

CVE-2025-56422

Related Vulnerabilities

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.49)

WordPress Plugin Survey Maker-Best WordPress Survey Unspecified Vulnerability (3.2.0)

WordPress 4.3.x PHP Object Injection (4.3 - 4.3.25)

WordPress Plugin 301 Redirects-Easy Redirect Manager SQL Injection (2.50)

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

Severity

Critical

Classification

CVE-2025-56422 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities