LimeSurvey Generation of Error Message Containing Sensitive Information Vulnerability - CVE-2025-41076

In version 6.13.0 of LimeSurvey any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message the system exposes internal backend information including the use of the Yii framework the MySQL/MariaDB database engine the table name 39lime_sessions39 primary keys and fragments of the content that caused the conflict. This information can simplify the collection of data about the internal architecture of the application by an attacker.