9.8
LimeSurvey Remote Code Execution Vulnerability
CVE-2025-56422
Summary
Attackers can execute malicious code on LimeSurvey installations prior to version 6.15.0+250623. This poses a risk to sensitive data and system integrity. Update to the latest version to address the issue.
Original title
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
Original description
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026