7.2
CVE-2025-6175
- EPSS 0.2%
- Veröffentlicht 29.07.2025 12:22:21
- Zuletzt bearbeitet 05.06.2026 15:16:42
- Quelle iletisim@usom.gov.tr
- CVE-Watchlists
- Unerledigt
CRLF Injection in DECE Software's Geodi
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.
This issue affects Geodi: before GEODI Setup 9.0.146.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerDECE Software
≫
Produkt
Geodi
Default Statusunaffected
Version
0
Version <
GEODI Setup 9.0.146
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.099 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| iletisim@usom.gov.tr | 7.2 | 3.9 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
https://www.usom.gov.tr/bildirim/tr-25-0182
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0182