Description

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is unable to break the redirect loop, which can cause service degradation or browser instability.

Remediation

References

CVE-2025-41074

Related Vulnerabilities

MongoDb Improper Input Validation Vulnerability (CVE-2020-7925)

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

Squid Stack-based Buffer Overflow Vulnerability (CVE-2025-59362)

SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)

Severity

High

Classification

CVE-2025-41074 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities