CVE-2025-41075

EPSS 0.02%
Veröffentlicht 20.11.2025 12:49:29
Zuletzt bearbeitet 21.11.2025 19:59:05
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS  attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Limesurvey ≫ Limesurvey Version6.13.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve-coordination@incibe.es	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-41075

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41075

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41075

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41075