CVE-2025-1217
EUVD-2025-1512729.03.2025, 06:15
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 8.1.0 ≤ 𝑥 < 8.1.32 |
| php | php | 8.2.0 ≤ 𝑥 < 8.2.28 |
| php | php | 8.3.0 ≤ 𝑥 < 8.3.19 |
| php | php | 8.4.0 ≤ 𝑥 < 8.4.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||||||
| php7.0 |
| ||||||||||||||
| php7.2 |
| ||||||||||||||
| php7.4 |
| ||||||||||||||
| php8.1 |
| ||||||||||||||
| php8.3 |
| ||||||||||||||
| php8.4 |
|
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-436 - Interpretation ConflictProduct A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.