CVE-2025-41076

Published 20/11/2025 15:17 · Modified 21/11/2025 19:54

Labels: CVE-2025-41076, 2025-11-20, CWE-209, [email protected]

Essential information

Published: 20/11/2025 15:17
Modified: 21/11/2025 19:54
Author:
Creator:
CVSS: 6.9 MEDIUM (v3), 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database engine, the table name 'lime_sessions', primary keys, and fragments of the content that caused the conflict. An attacker can use this information to gather data about the application's internal architecture more easily.

NVD status

Status: Analyzed. CVE has had analysis completed and all data associations made.
Source: [email protected]

Affected products (CPE)

Product: limesurvey / limesurvey
CPE: cpe:2.3:a:limesurvey:limesurvey:6.13.0:*:*:*:*:*:*:*
