HTTP Header Injection Vulnerability in HTTP.jl by JuliaWeb
CVE-2025-61689

8.7 HIGH

Key Information:

Vendor: Juliaweb

Status
Vendor
CVE Published: 10 October 2025

What is CVE-2025-61689?

HTTP.jl, the library that provides HTTP client and server functionality for the Julia programming language, does not adequately validate header names and values. Attackers can therefore inject CRLF sequences into them, which leads to HTTP response splitting and header injection. This can in turn facilitate attacks including cache poisoning, cross-site scripting (XSS), and session fixation. The issue is fixed in HTTP.jl version 1.10.19.
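
The kind of check the description says was missing, as an added example that is not HTTP.jl's code or its 1.10.19 patch. It assumes the RFC 9110 field-name grammar, uses hypothetical helper names in plain Base Julia, and runs on a constructed sample value.

```julia
# Added example; helper names are hypothetical and no HTTP.jl API is used.

# RFC 9110 "tchar": the only characters allowed in a header field name.
is_tchar(c::Char) = isascii(c) && (isletter(c) || isdigit(c) || c in "!#\$%&'*+-.^_`|~")

valid_header_name(name::AbstractString) = !isempty(name) && all(is_tchar, name)

# Values may contain tab, space and visible characters, but no CR, LF, NUL
# or other control characters.
valid_header_value(value::AbstractString) =
    all(c -> c == '\t' || (c >= ' ' && c != '\x7f'), value)

# Write header pairs in HTTP/1.1 wire format. With validate=false this mirrors
# a serializer that trusts its input; with validate=true it rejects bad fields.
function serialize_headers(headers; validate::Bool=true)
    io = IOBuffer()
    for (name, value) in headers
        if validate && !(valid_header_name(name) && valid_header_value(value))
            throw(ArgumentError("invalid header field $(repr(name)) => $(repr(value))"))
        end
        write(io, name, ": ", value, "\r\n")
    end
    write(io, "\r\n")
    return String(take!(io))
end

# Constructed sample: a header value built from untrusted input containing CRLF.
headers = ["Location" => "/home\r\nSet-Cookie: sid=constructed"]

# Without validation the single value is emitted as two separate header lines.
foreach(println, split(serialize_headers(headers; validate=false), "\r\n"; keepempty=false))

# With validation the same input is refused before anything is written out.
try
    serialize_headers(headers)
catch err
    println("rejected: ", sprint(showerror, err))
end
```

Rejecting the field outright, rather than stripping CR and LF, avoids silently forwarding a value whose meaning has changed.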

Affected Version(s)

HTTP.jl < 1.10.19

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
