CVE-2025-46011

6.5 MEDIUM

📋 TL;DR

Listmonk v4.1.0 contains a SQL injection vulnerability in the QuerySubscribers function that lets an authenticated attacker execute arbitrary SQL against the Listmonk PostgreSQL database. This can lead to privilege escalation within Listmonk and unauthorized access to subscriber data. All systems running Listmonk v4.1.0 are affected until upgraded to v5.0.0.

💻 Affected Systems

Products:
  • Listmonk
Versions: v4.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only v4.1.0 is listed as affected; earlier versions are not covered by this advisory. Fixed in v5.0.0.

📦 What is this software?

Listmonk is a self-hosted newsletter and mailing-list manager written in Go, with PostgreSQL as its only supported database. It exposes an admin web UI and a REST API (the subscriber query feature is reachable through both), plus public subscription pages and a public subscription API.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to Listmonk, exfiltrate all subscriber data, modify or delete database contents and, if Listmonk's database role is a PostgreSQL superuser (or a member of the pg_*_server_* roles), potentially achieve remote code execution on the database host.

🟠

Likely Case

Attackers extract sensitive subscriber information (emails, personal data), modify mailing lists, or escalate privileges to administrative accounts.

🟢

If Mitigated

Attackers are limited to reading and modifying the tables the Listmonk database role can reach; they cannot read files, reach other databases, or compromise the database host.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid Listmonk login that can reach the subscriber query feature; once authenticated, the injection is straightforward. A public proof-of-concept has been published on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.0.0

Vendor Advisory: https://github.com/knadh/listmonk/releases/tag/v5.0.0

Restart Required: Yes

Instructions:

1. Back up the Listmonk PostgreSQL database and the configuration file (config.toml by default).
2. Stop the Listmonk service.
3. Download and install v5.0.0 from the GitHub releases page (or pull the v5.0.0 container image).
4. Run the database migrations with `listmonk --upgrade` (v5.0.0 is a major release; read its release notes before upgrading).
5. Restart the Listmonk service.
6. Verify functionality and confirm the running version (see How to Verify).

🔧 Temporary Workarounds

Input Validation Filter

all

Parameterising or validating the expression inside QuerySubscribers is a source-level change: it only helps if you build Listmonk yourself and can ship a patched binary. Operators running release binaries or images should rely on the WAF rule and the network restriction under "If You Can't Patch" instead.

WAF Rule

all

Deploy web application firewall rules that inspect the subscriber query parameter for injection markers (stacked statements, SQL comments, UNION, pg_sleep, INSERT/UPDATE/DELETE/DROP) rather than generic SQL keywords: legitimate admin queries are SQL WHERE expressions and may contain SELECT in a subquery, so matching on SELECT alone blocks real usage.
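The following reverse-proxy configuration is an added example, not Listmonk's own or recommended configuration; it implements the WAF rule above and the admin-network restriction listed under "If You Can't Patch" in nginx. It assumes Listmonk on 127.0.0.1:9000 (its default port), served at the host root with the admin UI under /admin, the authenticated API under /api and the public subscription API under /api/public/, and a trusted admin network of 10.0.0.0/8; all of those are assumptions to adjust for your deployment.

```nginx
# Added example; not Listmonk's own configuration. Assumptions: Listmonk
# listens on 127.0.0.1:9000, is served at the host root, admin UI under
# /admin, REST API under /api, public subscription API under /api/public/,
# trusted admin network 10.0.0.0/8. TLS directives are omitted.

# nginx leaves $arg_* percent-encoded and only exposes the first occurrence
# of a repeated parameter, so each pattern matches both the raw and the
# decoded spelling. Treat this as a stopgap; a decoding WAF (ModSecurity +
# CRS) or the v5.0.0 upgrade is the real fix.
map $arg_query $lm_block_query {
    default 0;
    "~*union(\s|\+|%20)+(all(\s|\+|%20)+)?select"                     1;  # UNION-based extraction
    "~*(;|%3B)"                                                       1;  # stacked statements
    "~*(--|%2D%2D|/\*|%2F\*)"                                         1;  # SQL comments
    "~*pg_sleep(\s|\+|%20)*(\(|%28)"                                  1;  # time-based probing
    "~*(pg_read_file|pg_read_binary_file|lo_import|lo_export|dblink)" 1;  # file / remote access
    "~*\b(insert|update|delete|drop|alter|create|grant|truncate|copy)\b" 1;  # statements inside a WHERE expression
}

upstream listmonk { server 127.0.0.1:9000; }

server {
    listen 443 ssl;
    server_name lists.example.org;

    # Public subscription API stays reachable from anywhere
    # (a ^~ prefix location wins over the regex location below).
    location ^~ /api/public/ {
        proxy_pass http://listmonk;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Admin UI and authenticated API: admin network only, and drop
    # subscriber queries that carry injection markers.
    location ~ "^/(admin|api)(/|$)" {
        allow 10.0.0.0/8;
        deny  all;

        if ($lm_block_query) {
            return 403;
        }

        proxy_pass http://listmonk;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else: public subscription forms, unsubscribe and
    # tracking links.
    location / {
        proxy_pass http://listmonk;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

A bare SELECT is deliberately not blocked: legitimate admin queries are SQL WHERE expressions and may contain SELECT in a subquery. If another proxy or load balancer sits in front of nginx, add set_real_ip_from and real_ip_header so that allow/deny evaluates the real client address rather than the upstream proxy's.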

🧯 If You Can't Patch

  • Restrict network access to Listmonk administration interface to trusted IP addresses only
  • Implement database-level permissions to limit the impact of successful SQL injection
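As an added example of the database-level limit above (not from Listmonk's documentation), the PostgreSQL statements below create a non-superuser role for the service and check that it holds none of the privileges an injected statement would need to escape the database. They assume a database named listmonk, a role named listmonk_app, PostgreSQL 11 or later, and a placeholder password that must be replaced.

```sql
-- Added example, not from Listmonk's documentation. Assumptions: database
-- "listmonk", service role "listmonk_app", PostgreSQL 11+, placeholder
-- password to be replaced.

-- 1. A dedicated login with no instance-wide privileges. NOSUPERUSER is the
--    control that matters: COPY ... TO/FROM PROGRAM, pg_read_file(),
--    lo_import()/lo_export() and similar primitives need superuser or
--    membership of pg_read_server_files / pg_write_server_files /
--    pg_execute_server_program, none of which this role is given. An
--    injected statement runs with this role's rights and nothing more.
CREATE ROLE listmonk_app LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOBYPASSRLS;

-- 2. Exactly one database. Listmonk creates its tables during
--    `listmonk --install`, so run that as listmonk_app and let the role own
--    the database; it has no business anywhere else on the instance.
CREATE DATABASE listmonk OWNER listmonk_app;
REVOKE ALL ON DATABASE listmonk FROM PUBLIC;

-- 3. Blunt time-based probing (pg_sleep) and runaway injected queries.
--    Tune to the slowest legitimate query Listmonk runs for you.
ALTER ROLE listmonk_app SET statement_timeout = '30s';

-- 4. Verify. Every flag must be false, the membership query must return no
--    rows (in particular no pg_*_server_* role), and the function check
--    must be false.
SELECT rolsuper, rolcreaterole, rolcreatedb, rolbypassrls
FROM pg_roles
WHERE rolname = 'listmonk_app';

SELECT r.rolname AS member_of
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.roleid
JOIN pg_roles u ON u.oid = m.member
WHERE u.rolname = 'listmonk_app';

SELECT has_function_privilege('listmonk_app', 'pg_read_file(text)', 'EXECUTE');
```

Point Listmonk's db settings at listmonk_app and pin the role to its database and the application host in pg_hba.conf (for example `host listmonk listmonk_app 10.0.0.0/8 scram-sha-256`). This caps the blast radius at the "If Mitigated" case above: the injection still runs as listmonk_app and can read or change all of Listmonk's own tables, but cannot reach files, other databases or the host. If `listmonk --install` fails on a missing privilege, grant only what the error names rather than making the role a superuser; and because the statement_timeout also applies to `listmonk --upgrade`, raise it temporarily if a migration on a large database needs longer.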

🔍 How to Verify

Check if Vulnerable:

Check the running Listmonk version (admin UI or `listmonk --version`). If it is exactly 4.1.0, the system is vulnerable; v5.0.0 or later contains the fix.

Check Version:

The version is shown in the Listmonk admin UI and printed by `listmonk --version` on the command line; for container deployments, check the image tag you deployed as well.

Verify Fix Applied:

Confirm the running version is 5.0.0 or later. Then, on a non-production instance, test the QuerySubscribers function with your SQL injection test payloads and confirm they are rejected.
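As an added example (not a Listmonk tool), the shell function below turns the version check into something a deploy script can run: it classifies a version string exactly as this page does (4.1.0 vulnerable, 5.0.0 or later fixed, anything else not covered by the advisory) and a wrapper feeds it the output of the binary. It assumes that `listmonk --version` prints the build string with the version first, as in `v4.1.0 (...)`; the sample inputs are constructed.

```shell
# Added example, not part of Listmonk. Assumption: `listmonk --version`
# prints the version first, e.g. "v4.1.0 (#abc1234 2024-11-29T10:00:00Z)".

# Print one of: vulnerable | fixed | not-listed | unknown
# Exit status: 1 vulnerable, 0 fixed, 2 not-listed/unknown.
listmonk_cve_2025_46011_status() {
    # Normalise "v4.1.0 (#abc ...)" -> "4.1.0": drop a leading "v", anything
    # after the first whitespace, and any pre-release suffix (so "5.0.0-rc1"
    # is treated as 5.0.0 here; tighten that if it matters to you).
    v=$(printf '%s' "$1" | sed -E 's/^[[:space:]]*v?//; s/[[:space:]].*$//; s/-.*$//')

    # Reject anything that is not digits and dots in X.Y.Z form.
    case "$v" in
        ''|*[!0-9.]*|*..*|.*|*.) echo "unknown"; return 2 ;;
    esac
    case "$v" in
        *.*.*) ;;
        *) echo "unknown"; return 2 ;;
    esac

    major=${v%%.*}
    if [ "$v" = "4.1.0" ]; then
        echo "vulnerable"; return 1       # the one version this advisory lists
    elif [ "$major" -ge 5 ]; then
        echo "fixed"; return 0            # v5.0.0 and later carry the fix
    else
        echo "not-listed"; return 2       # other 4.x / older: not covered here
    fi
}

# Wrapper around the installed binary (path defaults to ./listmonk).
# Usage: check_listmonk_binary /opt/listmonk/listmonk
check_listmonk_binary() {
    bin=${1:-./listmonk}
    listmonk_cve_2025_46011_status "$("$bin" --version 2>/dev/null)"
}
```

Source the file and call `check_listmonk_binary` with the path to the binary; a missing or non-executable binary yields "unknown" rather than a false "fixed". For containers, run the same function inside the image (`docker run --rm <image> ./listmonk --version` piped into `listmonk_cve_2025_46011_status`).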

📡 Detection & Monitoring

Log Indicators:

  • Statements in PostgreSQL logs that Listmonk itself never issues from its database role: pg_sleep, COPY, reads of pg_catalog or information_schema, stacked statements, or queries ending in a SQL comment
  • A burst of failed logins (credential stuffing) followed by subscriber query requests from the same address, since the exploit needs a valid session
  • Administrative changes (user, role, API-key or settings changes) made by accounts that are not administrators

Network Indicators:

  • Injection markers (UNION, stacked statements, SQL comments, pg_sleep, INSERT/UPDATE/DELETE/DROP) in the `query` parameter of requests to the subscribers API, whether carried in the URL or in a POST body
  • Unexpected query volume or long-running statements from the Listmonk database role, and any connection from that role to a database other than Listmonk's own

SIEM Query:

source="listmonk_logs" AND ("/api/subscribers" OR "QuerySubscribers") AND ("UNION" OR "pg_sleep" OR ";" OR "%3B" OR "--" OR "INSERT" OR "UPDATE" OR "DELETE" OR "DROP")

Match on the query parameter rather than on SELECT: legitimate admin queries are SQL WHERE expressions and routinely contain SELECT in a subquery, so a "SELECT *" term is mostly noise. Normalise URL-encoding before matching, or include the encoded spellings as above.
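The following script is an added example, not part of Listmonk, that applies the log indicators above to reverse-proxy access logs. It assumes the combined log format and that the page's QuerySubscribers endpoint is reached through the subscribers API at /api/subscribers with the SQL expression in the `query` parameter; the sample log lines are constructed for the example. It deliberately does not flag a bare SELECT, because legitimate admin queries are WHERE expressions that may contain subqueries, and keys instead on markers a WHERE expression never needs.

```python
"""Scan reverse-proxy access logs for injection probes against Listmonk's
subscriber query feature (CVE-2025-46011). Added example, not Listmonk code."""
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: nginx/Apache "combined" log format in front of Listmonk.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: the page's "QuerySubscribers endpoint" is reached through the
# subscribers API, which carries the SQL expression in the `query` parameter.
SUBSCRIBER_PATH_PREFIX = "/api/subscribers"

# Legitimate admin queries are WHERE-clause expressions, so statement
# keywords, stacked statements, comments and Postgres sleep/file functions
# are high-signal. A bare SELECT is deliberately not listed: a subquery such
# as "subscribers.id IN (SELECT ...)" is a normal query and would false-positive.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "stacked_statement": re.compile(r";"),
    "sql_comment": re.compile(r"--|/\*"),
    "time_based": re.compile(r"\bpg_sleep\s*\(", re.I),
    "file_or_exec": re.compile(
        r"\b(pg_read_file|pg_read_binary_file|lo_import|lo_export|copy|dblink)\b", re.I),
    "dml_ddl": re.compile(
        r"\b(insert|update|delete|drop|alter|create|grant|truncate)\b", re.I),
}


def classify_expression(expr):
    """Return the names of all indicators matching one query expression."""
    return [name for name, rx in INDICATORS.items() if rx.search(expr)]


def scan_log(text):
    """Return one record per request whose `query` parameter looks injected."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.startswith(SUBSCRIBER_PATH_PREFIX):
            continue
        # parse_qs URL-decodes for us; a request may repeat the parameter.
        for expr in parse_qs(url.query).get("query", []):
            reasons = classify_expression(expr)
            if reasons:
                hits.append({
                    "ip": m.group("ip"), "user": m.group("user"),
                    "ts": m.group("ts"), "status": m.group("status"),
                    "expr": expr, "reasons": reasons,
                })
    return hits


# Constructed sample lines (not real traffic): two legitimate admin queries,
# one unrelated request, then three probes from a second address.
SAMPLE_LOG = """\
10.0.0.5 - admin [10/Jun/2025:10:01:02 +0000] "GET /api/subscribers?page=1&per_page=50&query=subscribers.email+LIKE+%27%25%40example.org%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - admin [10/Jun/2025:10:03:11 +0000] "GET /api/subscribers?query=subscribers.id+IN+%28SELECT+subscriber_id+FROM+subscriber_lists+WHERE+list_id%3D3%29 HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
10.0.0.5 - admin [10/Jun/2025:10:04:00 +0000] "GET /api/lists?page=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2025:10:05:40 +0000] "GET /api/subscribers?query=1%3D1+UNION+SELECT+1%2C2%2C3 HTTP/1.1" 500 90 "-" "curl/8.4.0"
198.51.100.7 - - [10/Jun/2025:10:05:41 +0000] "GET /api/subscribers?query=1%3D1+AND+pg_sleep%285%29+IS+NULL HTTP/1.1" 200 420 "-" "curl/8.4.0"
198.51.100.7 - - [10/Jun/2025:10:05:42 +0000] "GET /api/subscribers?query=1%3D1%3B+--+ HTTP/1.1" 500 90 "-" "curl/8.4.0"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} user={hit["user"]} '
              f'{",".join(hit["reasons"])}: {hit["expr"]!r}')
```

Run it as a filter over your proxy logs (`scan_log(open(path).read())`) or wire `classify_expression` into a SIEM parser. If Listmonk receives the expression in a POST body rather than the URL, the access log will not show it; enable request-body logging on the proxy or use Listmonk's own logs for those. Words such as `copy` or `create` can also appear inside a quoted string in a legitimate expression, so review hits rather than blocking on them blindly.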

🔗 References

  • Vendor release containing the fix: https://github.com/knadh/listmonk/releases/tag/v5.0.0
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-46011