CVE-2025-1219

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1219
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc Exploit Vendor Advisory
https://security.netapp.com/advisory/ntap-20250523-0007/
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
History

23 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250523-0007/ -

15 Apr 2025, 16:54

Type Values Removed Values Added
References () https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc - () https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc - Exploit, Vendor Advisory
First Time Php
Php php
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

01 Apr 2025, 20:26

Type Values Removed Values Added
Summary
  • (es) En PHP (versión 8.1.* anterior a 8.1.32, 8.2.* anterior a 8.2.28, 8.3.* anterior a 8.3.19 y 8.4.* anterior a 8.4.5), al solicitar un recurso HTTP mediante las extensiones DOM o SimpleXML, se utiliza un encabezado de tipo de contenido incorrecto para determinar el conjunto de caracteres cuando el recurso solicitado realiza una redirección. Esto puede provocar que el documento resultante se analice incorrectamente o que se omitan las validaciones.

31 Mar 2025, 13:15

Type Values Removed Values Added
References () https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc - () https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc -
CWE CWE-1116

30 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-30 06:15

Updated : 2025-05-23 14:15

NVD link : CVE-2025-1219

Mitre link : CVE-2025-1219

CVE.ORG link : CVE-2025-1219

JSON object : View

Products Affected

php

  • php
CWE
CWE-1116

Inaccurate Comments