Home > Vulnerability Database > CVE-2025-59151

Mend.io Vulnerability Database

CVE-2025-59151

Good to know:

Date: October 27, 2025

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, the application performs a redirect without properly sanitizing the input. An attacker can inject carriage return and line feed characters (%0d%0a) to manipulate both the headers and the content of the HTTP response. This enables the injection of arbitrary HTTP response headers, potentially leading to session fixation, cache poisoning, and the weakening or bypassing of browser-based security mechanisms such as Content Security Policy or X-XSS-Protection. This vulnerability is fixed in 6.3.

Severity Score

8.2

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59151

Url: https://github.com/pi-hole/web/security/advisories/GHSA-5v79-p56f-x7c4

Url: https://www.mend.io/vulnerability-database/CVE-2025-59151

Severity Score

8.2

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-113

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-93

Top Fix

Upgrade Version

Upgrade to version https://github.com/pi-hole/web.git - v6.3

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59151

Good to know:

Date: October 27, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?