First published: Tue Feb 04 2025
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.
Credit: 596c5446-0ce5-4ba2-aa66-48b3b757a647
Affected Software | Affected Version | How to fix |
---|---|---|
cpp-httplib cpp-httplib | >=v0.17.3 <=v0.18.3 | |
The severity of CVE-2025-0825 is considered high due to the potential for HTTP Response Splitting and subsequent attacks such as XSS.
To fix CVE-2025-0825, upgrade cpp-httplib to version v0.18.4 or later, which addresses the CRLF injection vulnerability.
CRLF injection in CVE-2025-0825 refers to the ability to manipulate HTTP response headers by injecting CRLF characters due to improper filtering.
Potential exploits of CVE-2025-0825 include HTTP Response Splitting and Cross-Site Scripting (XSS), which can compromise application security.
CVE-2025-0825 affects cpp-httplib versions v0.17.3 through v0.18.3.
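The description above says the filter misses CRLF characters that follow a null byte. The following added example (not code from cpp-httplib or from this page) shows one way a filter can fail in that manner, assuming a hypothetical check that scans the value as a NUL-terminated C string, next to a length-aware check that rejects it; all function names and sample values are constructed for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical filter (assumption, not the library's code): scans the header
// value as a C string, so the loop ends at the first NUL and any bytes after
// it are never inspected.
inline bool has_crlf_cstr(const std::string &value) {
  for (const char *p = value.c_str(); *p; ++p) {
    if (*p == '\r' || *p == '\n') { return true; }
  }
  return false;
}

// Length-aware check: walks every byte held by the std::string and rejects
// CR, LF, NUL and other control characters. Horizontal tab is permitted
// inside field values by RFC 9110.
inline bool is_safe_header_value(const std::string &value) {
  for (unsigned char c : value) {
    if (c == '\t') { continue; }
    if (c < 0x20 || c == 0x7f) { return false; }
  }
  return true;
}

// Constructed sample inputs.
inline std::string sample_plain() { return "text/html"; }
inline std::string sample_crlf() { return "a\r\nX-Injected: 1"; }
inline std::string sample_nul_crlf() {
  // Explicit length so the embedded NUL and the bytes after it are kept.
  static const char raw[] = "a\0\r\nX-Injected: 1";
  return std::string(raw, sizeof(raw) - 1);
}

int main() {
  const std::string samples[] = {sample_plain(), sample_crlf(),
                                 sample_nul_crlf()};
  for (const auto &s : samples) {
    std::cout << "len=" << s.size()
              << " cstr_scan_flags_crlf=" << has_crlf_cstr(s)
              << " length_aware_accepts=" << is_safe_header_value(s) << "\n";
  }
  return 0;
}
```

Running the same kind of length-aware check over header names and values before they reach the response writer is a useful regression test when validating the upgrade to v0.18.4 or later.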