CRLF Injection Vulnerability in Pi-hole Admin Interface by Pi-hole
CVE-2025-59151

8.2 HIGH

Key Information:

Vendor: Pi-hole
Status: Vendor
CVE Published: 27 October 2025

What is CVE-2025-59151?

The Pi-hole Admin Interface (the `web` component) is used to manage a Pi-hole installation. Versions before 6.3 contain a CRLF injection vulnerability: when the server handles a request for a file with the .lp extension and issues a redirect, the redirect target is built from request input that is not sanitized. An attacker who places URL-encoded carriage-return and line-feed characters (%0d%0a) in the request can terminate the Location header early and append headers and body content of their choosing to the HTTP response. Because a client or intermediary parses the injected text as genuine response headers, this enables session fixation (an injected Set-Cookie header), web cache poisoning (a crafted response cached and served to other users), and bypass of browser protections carried in headers such as Content-Security-Policy and X-XSS-Protection. No authentication or user interaction is needed to reach the flaw. The issue is fixed in version 6.3; operators should upgrade the `web` component to 6.3 or later.
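The following Python script is an added example, not code from the Pi-hole project, that models the bug class the advisory describes: a redirect whose Location header is built from a percent-decoded request path, beside a hardened builder that refuses control characters, and a small response parser that shows what a client or cache would see. The route `/admin/index.lp`, the cookie name `sid`, and all function names are assumptions chosen for illustration; Pi-hole's .lp pages are not Python, so this is a model of the defect rather than the vulnerable code itself.

```python
# Added example (not Pi-hole code): a percent-decoded request path copied
# verbatim into a redirect's Location header lets CR/LF split the response;
# the hardened builder refuses it. Route and cookie name are assumptions.
from typing import Callable
from urllib.parse import quote, unquote

# Constructed attacker input: a request path for a .lp file carrying encoded
# CR LF sequences that end the Location header, add a Set-Cookie header,
# forge a Content-Length, and supply a body of the attacker's choosing.
PAYLOAD = (
    "/admin/index.lp"
    "%0d%0aSet-Cookie:%20sid%3Dattacker"
    "%0d%0aContent-Length:%2025"
    "%0d%0a%0d%0a<script>alert(1)</script>"
)


def build_redirect_vulnerable(request_path: str) -> bytes:
    """Decode the path and place it in Location unchanged (the bug class)."""
    target = unquote(request_path)
    response = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return response.encode("latin-1")


def build_redirect_hardened(request_path: str) -> bytes:
    """Reject any control character in the decoded target, then re-encode it.

    Header values may not contain CR, LF or other control bytes. The check
    runs on the decoded value, not the raw percent-encoded one, so %0d%0a and
    bare %0a are both caught. It raises instead of stripping, so a malicious
    request is refused rather than silently rewritten.
    """
    target = unquote(request_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise ValueError("control character in redirect target")
    # Re-encode so only unreserved characters and URL delimiters reach the wire.
    safe_target = quote(target, safe="/?=&:")
    response = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {safe_target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return response.encode("latin-1")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response the way a client or cache would.

    Returns (status_line, headers, body); headers maps lower-cased names to
    the list of values seen, so an injected duplicate header stays visible.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def injected_headers(builder: Callable[[str], bytes], request_path: str,
                     marker: str = "set-cookie") -> bool:
    """True if attacker-controlled path text became a real response header."""
    try:
        _, headers, _ = parse_response(builder(request_path))
    except ValueError:
        return False
    return marker in headers


if __name__ == "__main__":
    for name, builder in (("vulnerable", build_redirect_vulnerable),
                          ("hardened", build_redirect_hardened)):
        print(f"{name}: injected Set-Cookie present = "
              f"{injected_headers(builder, PAYLOAD)}")
```

Run as-is, the vulnerable builder turns the single Location header into a Location header, an attacker-chosen Set-Cookie (the session-fixation case), a forged Content-Length of 25 and a 25-byte script body, while the original `Content-Length: 0` line is pushed into the body where it is ignored. The same shape applies when checking a live installation: request a .lp path containing %0d%0a with `curl -i` and inspect the raw headers; a patched instance must not echo the injected header.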

Affected Version(s)

web < 6.3

CVSS V3.1

Score: 8.2
Severity: HIGH
Vector (as listed): AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Note: the metrics as listed do not produce the stated score. Under the CVSS 3.1 base formula, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N scores 7.5 (impact 3.6 + exploitability 3.9, rounded up). A base score of 8.2 with the other metrics unchanged requires Confidentiality: Low (C:L). One of the two values on this page is therefore wrong; confirm the vector against the vendor advisory or the NVD entry before using either.

Timeline

  • Vulnerability reserved

  • Vulnerability published: 27 October 2025