Severity by source
Sources disagree (Low–Critical)AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionGitHub Advisory
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the {{ env }} template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
AnalysisAI
A security vulnerability in version 4.0.0 and (CVSS 9.0) that allows capturing of env variables. Risk factors: EPSS 41% exploitation probability, public PoC available. Vendor patch is available.
Technical ContextAI
Vulnerability type not specified by vendor. CVSS 9.0 indicates critical severity with likely remote exploitation vector. Affects version 4.0.0 and.
RemediationAI
Apply the vendor-supplied patch immediately.
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Rated high severity (CVSS 8.6), this vulnera
Stored XSS in Listmonk before version 6.0.0 allows authenticated users with campaign management permissions to inject ma
Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers
SQL injection in listmonk's subscriber export endpoint prior to version 6.2.0 allows a highly-privileged authenticated u
Listmonk versions 4.1.0 through 6.0.x contain authorization bypass vulnerabilities in list permission checks that allow
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Low| Product | Status |
|---|---|
| Container suse/sl-micro/6.0/baremetal-os-container:latest | Affected |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17462
GHSA-jc7g-x28f-3v3h