Vulnerability Details CVE-2025-41376
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.8%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2025-41376
- cpe:2.3:a:limesurvey:limesurvey:2.65.1
- cpe:2.3:a:limesurvey:limesurvey:2.65.2
- cpe:2.3:a:limesurvey:limesurvey:2.65.3
- cpe:2.3:a:limesurvey:limesurvey:2.65.4
- cpe:2.3:a:limesurvey:limesurvey:2.65.5
- cpe:2.3:a:limesurvey:limesurvey:2.65.6
- cpe:2.3:a:limesurvey:limesurvey:2.66.6
- cpe:2.3:a:limesurvey:limesurvey:2.67.0
- cpe:2.3:a:limesurvey:limesurvey:2.67.1
- cpe:2.3:a:limesurvey:limesurvey:2.67.2
- cpe:2.3:a:limesurvey:limesurvey:2.67.3
- cpe:2.3:a:limesurvey:limesurvey:2.70.0
- cpe:2.3:a:limesurvey:limesurvey:2.71.0
- cpe:2.3:a:limesurvey:limesurvey:2.71.1
- cpe:2.3:a:limesurvey:limesurvey:2.72.0
- cpe:2.3:a:limesurvey:limesurvey:2.72.1
- cpe:2.3:a:limesurvey:limesurvey:2.72.2
- cpe:2.3:a:limesurvey:limesurvey:2.72.3
- cpe:2.3:a:limesurvey:limesurvey:2.72.4
- cpe:2.3:a:limesurvey:limesurvey:2.72.5
- cpe:2.3:a:limesurvey:limesurvey:2.72.6
- cpe:2.3:a:limesurvey:limesurvey:2.73.0
- cpe:2.3:a:limesurvey:limesurvey:2.73.1