CVE-2025-0825

Published: Feb 4, 2025

Modified: May 23, 2025

PUBLISHED

Description

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

Vendor	Product	Versions
Unknown	cpp-httplib	affected `v0.17.3 - <= v0.18.3`

Weaknesses (CWE)

CWE-113

References

https://github.com/yhirose/cpp-httplib/commit/9c36aae4b73e2b6e493f4133e4173103c9266289

patch

https://advisory.checkmarx.net/advisory/CVE-2025-0825/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-0825

Description

Affected Products

Weaknesses (CWE)

References