CVE-2025-34120

HIGH

LimeSurvey <2.06+ Build 151014 - Info Disclosure

Title source: llm

Description

An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are packaged in a ZIP archive and made available for download without authentication. This vulnerability can be exploited to read arbitrary files on the host system, including sensitive OS and configuration files.

Exploits (1)

metasploit WORKING POC

by Pichaya Morimoto, Christian Mehlmauer · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/limesurvey_file_download.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://packetstorm.news/files/id/180855

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/limesurvey_file_download.rb

[Various Sources] https://web.archive.org/web/20210123073627/https://www.limesurvey.org/blog/22-security/136-limesurvey-security-advisory-10-2015

[Vendor Advisory] https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-lime-survey/

[Third Party Advisory] https://www.vulncheck.com/advisories/limesurvey-unauthenticated-arbitrary-file-download

Scores

CVSS v4 8.7

EPSS 0.5018

EPSS Percentile 97.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-22 CWE-306

Status published

Products (1)

LimeSurvey GmbH/LimeSurvey 2.0+ - 2.06+ Build 151014

Published Jul 16, 2025

Tracked Since Feb 18, 2026