Privilege Escalation Vulnerability in Subrion CMS by Intelliants
CVE-2025-56556
3.8 LOW
What is CVE-2025-56556?
A vulnerability has been identified in Subrion CMS version 4.2.1: authenticated administrators and moderators can exploit the built-in Run SQL Query feature in the SQL Tool section of the admin panel. This oversight permits privilege escalation, allowing these users to execute unauthorized SQL commands and potentially compromising the integrity and security of the system. To mitigate the risk, administrators should review their access controls and limit permissions for users who can access this feature.
