{"id":"CVE-2025-41375","details":"SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.","modified":"2026-04-10T05:26:29.596392Z","published":"2025-08-01T13:15:27.257Z","references":[{"type":"ADVISORY","url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/limesurvey/limesurvey","events":[{"introduced":"d74e427319990e9ed933166109771da1020f8d7e"},{"fixed":"2ef1525baed6eb977b5aa50ed02b26bb072a483c"}],"database_specific":{"versions":[{"introduced":"2.65.1"},{"fixed":"3.0.0"}]}}],"versions":["2.65.0+170522","2.65.1+170522","2.65.2+170606","2.65.4+170612","2.66.6+170619","2.67.0+170622","2.67.1+170626","2.67.2+170719","2.67.2+170728","2.67.3+170728","2.71.0+170925","2.71.1+170927","2.72.0+171010","2.72.2+171017","2.72.3+171020","2.72.4+171110","2.72.5+171121","2.72.6+171207","2.73.0+171219"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41375.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}