Home > Vulnerability Database > CVE-2025-61689

Mend.io Vulnerability Database

CVE-2025-61689

Good to know:

Date: October 10, 2025

HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header injection, leading to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl "v1.10.19".

Severity Score

8.6

Related Resources (4)

Url: https://github.com/JuliaWeb/HTTP.jl/releases/tag/v1.10.19

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61689

Url: https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-h3x8-ppwj-6vcj

Url: https://www.mend.io/vulnerability-database/CVE-2025-61689

Severity Score

8.6

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-113

Top Fix

Upgrade Version

Upgrade to version https://github.com/JuliaWeb/HTTP.jl.git - v1.10.18

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61689

Good to know:

Date: October 10, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?