CVE-2025-0825
Severity: MEDIUM (CVSS 5.3)
WAF: High
Published: 2025-02-04
CWE-113
cpp-httplib versions v0.17.3 through v0.18.3 fail to filter CRLF characters ("\r\n") when they are prefixed with a null byte. This allows attackers to perform CRLF injection, which could further lead to HTTP Response Splitting, XSS, and more.
WAF Coverage Analysis
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| yhirose | cpp-httplib | 0.17.3 - 0.18.4 |
References
- advisory.checkmarx.net (Exploit, Third Party Advisory)
- github.com (Patch)