CVE-2025-41074

EPSS 0.02%
Veröffentlicht 20.11.2025 12:47:05
Zuletzt bearbeitet 21.11.2025 20:00:55
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0  in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS  attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Limesurvey ≫ Limesurvey Version6.13.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve-coordination@incibe.es	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-41074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41074

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41074