CVE-2025-1217 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
php	CNA	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Debian Releases

Debian Product

Codename

php7.4

bullseye	vulnerable
bullseye (security)	7.4.33-1+deb11u8 fixed

php8.2

bookworm	vulnerable
bookworm (security)	8.2.28-1~deb12u1 fixed

php8.4

sid	8.4.5-1 fixed
trixie	8.4.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

oracular	dne
noble	dne
jammy	dne
focal	dne
trusty	needs-triage

php7.0

oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	needs-triage

php7.2

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	needs-triage

php7.4

oracular	dne
noble	dne
jammy	dne
focal	Fixed 7.4.3-4ubuntu2.29 released

php8.1

oracular	dne
noble	dne
jammy	Fixed 8.1.2-1ubuntu2.21 released
focal	dne

php8.3

oracular	Fixed 8.3.11-0ubuntu0.24.10.5 released
noble	Fixed 8.3.6-0ubuntu0.24.04.4 released
jammy	dne
focal	dne

php8.4

oracular	dne
noble	dne
jammy	dne
focal	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[GERMAN] PHP: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Daten zu manipulieren, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, einen Denial of Service Zustand herbeizuführen oder andere nicht näher spezifizierte Auswirkungen zu verursachen.
Published: 2025-03-13T23:00:00+00:00

References

https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g

https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g