CVE-2025-41075 | THREATINT

Description

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-20 | Updated 2025-11-20 | Assigner INCIBE

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

Default status

unaffected

6.13.0

affected

Credits

Julen Garrido Estevez finder

References

www.incibe.es/...aviso/multiple-vulnerabilities-limesurvey-0

cve.org (CVE-2025-41075)

nvd.nist.gov (CVE-2025-41075)

Download JSON