7.5
LimeSurvey: Hackers could steal database secrets
CVE-2025-56421
GHSA-rccq-2fxq-7x3h
Summary
The popular survey software LimeSurvey has a SQL injection vulnerability that could allow a remote attacker to obtain sensitive information from the database. This vulnerability affects LimeSurvey versions prior to 6.15.4. To protect your data, update LimeSurvey to the latest version or apply a patch as soon as possible.
What to do
- Update LimeSurvey to version 6.15.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| limesurvey | limesurvey | <= 6.15.4 | 6.15.4 |
Original title
LimeSurvey is vulnerable to SQL injection
Original description
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.
NVD CVSS 3.1
7.5
Vulnerability type
CWE-89
SQL Injection
- http://limesurvey.com
- https://github.com/hongancalif/security-advisories/blob/main/CVE-2025-56421.md
- https://nvd.nist.gov/vuln/detail/CVE-2025-56421
- https://github.com/LimeSurvey/LimeSurvey/pull/4328
- https://github.com/LimeSurvey/LimeSurvey/commit/d6c3c780cdd17d5eef1c8c69ad0105be...
- https://github.com/advisories/GHSA-rccq-2fxq-7x3h
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026