LimeSurvey Infinite HTTP Redirects Vulnerability Leading to Denial-of-Service

Vulnerability

An infinite HTTP redirect vulnerability has been identified in LimeSurvey version 6.13.0, specifically in the '/optin' endpoint. This vulnerability causes a redirect loop that the system cannot break, leading to a denial-of-service condition by exhausting server or client resources. The resulting service degradation can cause instability in web browsers.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by creating an infinite loop of HTTP redirects, which can exhaust server or client resources. This loop can degrade service performance or cause instability in web browsers.

Remediation

Users can upgrade to LimeSurvey version 6.15.0 to address this vulnerability.
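
For instances that have not yet been upgraded, the loop described above leaves a recognisable trace in the web server access log: one client receiving an unbroken run of 3xx responses on the opt-in endpoint within a few seconds. The following detector is an added example, not part of the original advisory or of LimeSurvey; the Combined Log Format, the `/index.php/optin` sample path, and the threshold and window values are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format (assumed): client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
REDIRECTS = {"301", "302", "303", "307", "308"}


def find_redirect_loops(lines, segment="optin", threshold=10,
                        window=timedelta(seconds=5)):
    """Map client IP -> longest run of consecutive 3xx answers on the endpoint.
    Runs shorter than `threshold` are dropped (threshold/window are assumed)."""
    run, last_ts, longest = defaultdict(int), {}, defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]
        looping = segment in path.split("/") and m["status"] in REDIRECTS
        if not looping:
            run[ip] = 0  # any other response from this client breaks the chain
            continue
        fresh = ip not in last_ts or ts - last_ts[ip] > window
        run[ip] = 1 if fresh or run[ip] == 0 else run[ip] + 1
        last_ts[ip] = ts
        longest[ip] = max(longest[ip], run[ip])
    return {ip: n for ip, n in longest.items() if n >= threshold}


def sample_log():
    """Constructed log lines (documentation-range IPs, made-up paths)."""
    fmt = '{ip} - - [20/Nov/2025:15:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 0 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=30, s=i // 10, p="/index.php/optin", st=302)
             for i in range(20)]  # 20 redirects within 2 seconds: a loop
    lines += [fmt.format(ip="198.51.100.4", m=31 + i, s=0, p="/index.php/optin", st=302)
              for i in range(3)]  # 3 redirects, minutes apart: normal use
    lines.append(fmt.format(ip="198.51.100.4", m=40, s=0, p="/index.php/admin", st=200))
    return lines


if __name__ == "__main__":
    for ip, n in find_redirect_loops(sample_log()).items():
        print(f"{ip}: {n} consecutive redirects on the opt-in endpoint")
```

Browsers and HTTP clients stop following redirects after a fixed number of hops, so set the threshold below the hop limit of the clients you expect to see.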

Added: Nov 20, 2025, 3:30 PM
Updated: Nov 20, 2025, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.3
exploitability: 7.6
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.