CVE-2025-0825

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-0825
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0825.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0825
Downstream
Published
2025-02-04T15:15:19.420Z
Modified
2026-02-26T09:19:00.632221Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

References

Affected packages

Git / github.com/yhirose/cpp-httplib

Affected ranges

Type
GIT
Repo
https://github.com/yhirose/cpp-httplib
Events
Introduced
61c418048d8b0e42cc55e908c1c2da1e2f617f86
Fixed
54f8a4d0f34acb3cc508e337d9881296b70201ad

Affected versions

v0.*
v0.17.3
v0.18.0
v0.18.1
v0.18.2
v0.18.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0825.json"