Multiple vulnerabilities in Limesurvey_CVE-2025-41074

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Basic Information

ID CVE-2025-41074

Source INCIBE

Published Nov 20, 2025 at 12:47

Modified Nov 20, 2025 at 18:32

Affected Product

Vendor LimeSurvey

Product LimeSurvey

Version 6.13.0

Affected Versions LimeSurvey LimeSurvey 6.13.0

CWE Classification

CWE-835

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0

{
    "lastseen": "",
    "description": "Vulnerability in LimeSurvey 6.13.0  in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS  attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.",
    "published": "2025-11-20T12:47:05.559Z",
    "modified": "2025-11-20T18:32:02.751Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in Limesurvey",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0",
    "id": "CVE-2025-41074",
    "bulletinFamily": "",
    "cwe": [
        "CWE-835"
    ],
    "cvelist": null,
    "sourceData": "LimeSurvey LimeSurvey 6.13.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LimeSurvey",
    "version": "6.13.0",
    "vendor": "LimeSurvey",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}