Listmonk · Listmonk · CVE-2025-46011
**Name of the Vulnerable Software and Affected Versions**
Listmonk versions 2.4.0 through 4.1.0
**Description**
The issue allows attackers to escalate privileges through SQL Injection in the `QuerySubscribers` function.
**Recommendations**
For versions 2.4.0 through 4.1.0, consider disabling the `QuerySubscribers` function until a patch is available to prevent privilege escalation.