CVE-2025-41376

Medium CVSS: 5.1

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.

Vendor

Limesurvey

Product

Limesurvey

CWE

CWE-93

Yayın Tarihi

2025-08-01 13:15:27

Güncelleme

2026-01-30 21:44:53

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-93 Limesurvey MEDIUM Limesurvey 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey

Benzer Kayıtlar

High

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive informatio…

Critical

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code o…

Medium

CVE-2020-36993

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administr…

Medium

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly.…

Medium

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Th…

Medium

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed ses…