CVE-2025-56556
Published: 2025-09-11
Priority: P4 · 17 · low
CVSS 3.1: 3.8 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)
EPSS: 0.19% (8.4th percentile)
An issue was discovered in Subrion CMS 4.2.1 that allows authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliants | subrion | 0 – 4.2.1 | — |
| intelliants | subrion_cms | — | — |
OSV
osv·2025-09-11
CVE-2025-56556 [MEDIUM] Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
GHSA
ghsa·2025-09-11
CVE-2025-56556 [MEDIUM] CWE-566 Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.