CVE-2025-41075

Published: Nov 20, 2025

Modified: Nov 20, 2025

PUBLISHED

Description

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Vendor	Product	Versions
LimeSurvey	LimeSurvey	affected `6.13.0`

Weaknesses (CWE)

CWE-835

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41075

Description

Affected Products

Weaknesses (CWE)

References