CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.9%

CVSS Severity

CVSS v3 Score 5.3

References

https://advisory.checkmarx.net/advisory/CVE-2025-0825/
https://github.com/yhirose/cpp-httplib/commit/9c36aae4b73e2b6e493f4133e4173103c9266289

Products affected by CVE-2025-0825

Yhirose » Cpp-Httplib » Version: 0.17.3

cpe:2.3:a:yhirose:cpp-httplib:0.17.3
Yhirose » Cpp-Httplib » Version: 0.18.0

cpe:2.3:a:yhirose:cpp-httplib:0.18.0
Yhirose » Cpp-Httplib » Version: 0.18.1

cpe:2.3:a:yhirose:cpp-httplib:0.18.1
Yhirose » Cpp-Httplib » Version: 0.18.2

cpe:2.3:a:yhirose:cpp-httplib:0.18.2
Yhirose » Cpp-Httplib » Version: 0.18.3

cpe:2.3:a:yhirose:cpp-httplib:0.18.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-0825

Products

Pricing

Contact Us