Vulnerability Details CVE-2025-41076
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name 'lime_sessions', primary keys, and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.7%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-41076
-
cpe:2.3:a:limesurvey:limesurvey:6.13.0