CVE-2025-46011: Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Description
Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Classification
CVE ID: CVE-2025-46011
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 7.42% (scored less or equal to compared to others)
EPSS Date: 2025-06-05 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46011https://github.com/kevinroleke/security/tree/main/CVE-2025-46011