Unrated severityOSV Advisory· Published Feb 4, 2025· Updated May 23, 2025
CRLF injection in Cpp-httplib
CVE-2025-0825
Description
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v0.17.3, v0.18.0, v0.18.1, …+ 1 more
- (no CPE)range: v0.17.3, v0.18.0, v0.18.1, …
- (no CPE)range: >=0.17.3, <=0.18.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.