CVE-2025-49136

Name of the Vulnerable Software and Affected Versions Listmonk versions 4.0.0 through 5.0.2

Description Listmonk is a standalone, self-hosted, newsletter and mailing list manager. The env and expandenv template functions, enabled by default in Sprig, allow capturing of environment variables on the host. This may not be a problem on single-user installations, but on multi-user installations, non-super-admin users with campaign or template permissions can use the {{ env }} template expression to capture sensitive environment variables.

Recommendations For Listmonk versions 4.0.0 through 5.0.2, upgrade to version 5.0.2 to mitigate the issue. As a temporary workaround, consider disabling the env and expandenv template functions in Sprig to prevent the capture of sensitive environment variables. Restrict access to the template expression {{ env }} to minimize the risk of exploitation.