CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0  in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS  attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
INCIBECNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
limesurveylimesurvey
6.13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0