CVE-2025-41376

Summary

CRLF Injection vulnerability in Limesurvey v2.65.1+170522.  This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.

Affected Software

VendorProductVersion RangeStatus
LimeSurveyLimeSurvey3.0affected

Weaknesses

  • CWE-93: CWE-93

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References