CWE
113 79 93
Advisory Published
Updated

CVE-2025-0825: CRLF injection in Cpp-httplib

First published: Tue Feb 04 2025(Updated: )

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

Credit: 596c5446-0ce5-4ba2-aa66-48b3b757a647

Affected SoftwareAffected VersionHow to fix
cpp-httplib cpp-httplib>=v0.17.3<=v0.18.3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2025-0825?

    The severity of CVE-2025-0825 is considered high due to the potential for HTTP Response Splitting and subsequent attacks such as XSS.

  • How do I fix CVE-2025-0825?

    To fix CVE-2025-0825, upgrade cpp-httplib to version v0.18.4 or later, which addresses the CRLF injection vulnerability.

  • What is CRLF injection in the context of CVE-2025-0825?

    CRLF injection in CVE-2025-0825 refers to the ability to manipulate HTTP response headers by injecting CRLF characters due to improper filtering.

  • What are the potential exploits of CVE-2025-0825?

    Potential exploits of CVE-2025-0825 include HTTP Response Splitting and Cross-Site Scripting (XSS), which can compromise application security.

  • Which versions of cpp-httplib are affected by CVE-2025-0825?

    CVE-2025-0825 affects cpp-httplib versions v0.17.3 through v0.18.3.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203