CVE-2025-0825 MEDIUM

CVE-2025-0825: CRLF injection in Cpp-httplib

Weakness CWE-113 · HTTP response splitting
Published February 4, 2025
Last update May 23, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality None
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

cpp-httplib versions v0.17.3 through v0.18.3 fail to filter CRLF characters ("\r\n") when they are prefixed with a null byte. This allows CRLF injection, which can in turn lead to HTTP response splitting, XSS, and more.

Key dates

02 Disclosure timeline

February 4, 2025 CVE published
May 23, 2025 Record updated
