CVE-2025-41075
📋 TL;DR
This vulnerability in LimeSurvey 6.13.0 creates an infinite redirect loop when accessing the /optin endpoint directly. Attackers can exploit this to cause denial of service by exhausting server or client resources. Organizations running vulnerable LimeSurvey instances are affected.
💻 Affected Systems
- LimeSurvey
📦 What is this software?
LimeSurvey by LimeSurvey
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to resource exhaustion, potentially affecting all users of the LimeSurvey instance and causing browser crashes for clients.
Likely Case
Service degradation with intermittent availability issues and potential browser instability for users accessing the vulnerable endpoint.
If Mitigated
Minimal impact with proper network controls and monitoring in place to detect and block exploitation attempts.
🎯 Exploit Status
Exploitation requires only HTTP requests to the vulnerable endpoint, making it trivial to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.13.1 or later
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-limesurvey-0
Restart Required: Yes
Instructions:
1. Back up your LimeSurvey installation and database.
2. Download the latest version from the official LimeSurvey repository.
3. Replace the vulnerable files with the patched version.
4. Restart your web server.
5. Verify the fix by testing the /optin endpoint.
🔧 Temporary Workarounds
Block /optin endpoint at web server level
Configure the web server to block or redirect requests to the vulnerable /optin endpoint
# Apache (server or virtual-host context; in .htaccess the leading slash is stripped, so use ^optin): RewriteRule ^/optin - [F]
# Nginx: location = /optin { return 403; }
Implement rate limiting
Configure rate limiting on the /optin endpoint to prevent DoS attacks
# Apache with mod_evasive: DOSPageCount 2
# Nginx (http block): limit_req_zone $binary_remote_addr zone=optin:10m rate=1r/s;
# Nginx (then apply the zone): location = /optin { limit_req zone=optin burst=5 nodelay; }
🧯 If You Can't Patch
- Implement WAF rules to block or rate limit requests to /optin endpoint
- Monitor server logs for excessive requests to /optin and implement alerting
🔍 How to Verify
Check if Vulnerable:
Access http://your-limesurvey-instance/optin directly and observe whether the server keeps answering with redirects that lead back to /optin (an infinite redirect loop)
Check Version:
Check the version.php file in LimeSurvey installation or use the admin interface
Verify Fix Applied:
After patching, access the /optin endpoint and verify it no longer creates redirect loops
📡 Detection & Monitoring
Log Indicators:
- Excessive 301/302 redirects from /optin endpoint
- High number of requests to /optin in short timeframes
- Increased server resource usage
Network Indicators:
- Multiple HTTP redirect responses from same endpoint
- Unusual traffic patterns to /optin endpoint
SIEM Query:
source="web_server_logs" AND url="/optin" AND (status="301" OR status="302") | stats count by src_ip
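For sites without a SIEM, the same log indicators can be checked offline. The script below is an added example, not LimeSurvey code: it parses combined-format web server log lines, counts 301/302 responses from the /optin endpoint per source IP inside a sliding time window, and flags clients that look stuck in the loop. The log lines, IPs and thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined-log-format parser (Apache/Nginx default). Added helper, not LimeSurvey code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
REDIRECTS = {"301", "302"}

def parse_line(line):
    """Return (ip, timestamp, path-without-query, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"].split("?", 1)[0], m["status"]

def find_optin_loops(log_text, window_seconds=10, threshold=5):
    """Flag source IPs that received at least `threshold` 301/302 responses from the
    /optin endpoint inside any sliding window of `window_seconds`. Returns {ip: peak_count}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2].endswith("/optin") and rec[3] in REDIRECTS:
            hits[rec[0]].append(rec[1])
    alerts = {}
    for ip, times in hits.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1          # slide the window forward past old hits
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = peak
    return alerts

# Constructed sample log: one client stuck in the loop, one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.5 - - [10/Jun/2025:12:00:0{i} +0000] "GET /index.php/optin HTTP/1.1" 302 0'
     for i in range(6)]
    + ['198.51.100.7 - - [10/Jun/2025:12:00:03 +0000] "GET /index.php/survey/index HTTP/1.1" 200 5120',
       '198.51.100.7 - - [10/Jun/2025:12:00:04 +0000] "GET /index.php/optin HTTP/1.1" 302 0']
)

if __name__ == "__main__":
    for ip, count in find_optin_loops(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} redirects from /optin within 10s")
```

Tune `window_seconds` and `threshold` to the site's normal traffic; a single legitimate visitor should never hit /optin more than a couple of times in quick succession.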