Vulnerability Details CVE-2025-46011
Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/kevinroleke/security/tree/main/CVE-2025-46011
- https://github.com/knadh/listmonk/commit/4b805f885b9f5a20126ec06f8b59dc448c4af33b
- https://github.com/knadh/listmonk/issues/2412
- https://github.com/knadh/listmonk/releases/tag/v4.1.0
- https://github.com/knadh/listmonk/releases/tag/v5.0.0
Products affected by CVE-2025-46011
-
cpe:2.3:a:nadh:listmonk:2.4.0
-
cpe:2.3:a:nadh:listmonk:2.5.0
-
cpe:2.3:a:nadh:listmonk:2.5.1
-
cpe:2.3:a:nadh:listmonk:3.0.0
-
cpe:2.3:a:nadh:listmonk:4.0.0
-
cpe:2.3:a:nadh:listmonk:4.0.1
-
cpe:2.3:a:nadh:listmonk:4.1.0