CVE-2025-53094
ESPAsyncWebServer (ESP32/ESP8266/RP2040/ RP2350) up to version 3.7.8 contains a CRLF injection vulnerability in AsyncWebHeader.cpp that can corrupt header names/values and potentially manipulate HTTP responses. Root cause: unsanitized CRLF input during header construction/output. Impact: header/r...