Bug 2391680 (CVE-2025-40927) - CVE-2025-40927 perl-cgi-simple: CGI::Simple response splitting flaw
Summary: CVE-2025-40927 perl-cgi-simple: CGI::Simple response splitting flaw
Keywords:
Status: NEW
Alias: CVE-2025-40927
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2391833 2391834
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-08-29 01:01 UTC by OSIDB Bzimport
Modified: 2025-09-02 14:19 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-08-29 01:01:15 UTC 
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw
This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.

Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.



As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.

The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.

Impact

By injecting %0A (newline) into a query string parameter, an attacker can:

  *  Break the current HTTP header
  *  Inject a new header or entire body
  *  Deliver a script payload that is reflected in the server’s response
That can lead to the following attacks:

  *  reflected XSS
  *  open redirect
  *  cache poisoning
  *  header manipulation
Note You need to log in before you can comment on or make changes to this bug.