CVE-2025-1861

{"id": "CVE-2025-1861", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@php.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-30T06:15:14.957", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff", "tags": ["Vendor Advisory"], "source": "security@php.net"}, {"url": "https://security.netapp.com/advisory/ntap-20250523-0005/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-131"}]}], "descriptions": [{"lang": "en", "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location."}, {"lang": "es", "value": "En PHP desde 8.1.* antes de 8.1.32, desde 8.2.* antes de 8.2.28, desde 8.3.* antes de 8.3.19, desde 8.4.* antes de 8.4.5, al analizar la redirecci\u00f3n HTTP en la respuesta a una solicitud HTTP, actualmente hay un l\u00edmite en el tama\u00f1o del valor de ubicaci\u00f3n debido al tama\u00f1o limitado del b\u00fafer de ubicaci\u00f3n a 1024. Sin embargo, seg\u00fan RFC9110, se recomienda que el l\u00edmite sea 8000. Esto puede provocar un truncamiento incorrecto de la URL y la redirecci\u00f3n a una ubicaci\u00f3n incorrecta."}], "lastModified": "2025-07-02T20:17:38.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA", "versionEndExcluding": "8.1.31", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC", "versionEndExcluding": "8.2.26", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A", "versionEndExcluding": "8.3.14", "versionStartIncluding": "8.3.0"}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC94B1EC-530A-4A25-9BCD-DAC5F52F6813", "versionEndExcluding": "8.4.5", "versionStartIncluding": "8.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}