CVE-2025-1217

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

3.1 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g Exploit Vendor Advisory
https://security.netapp.com/advisory/ntap-20250523-0008/
https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
History

23 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250523-0008/ -

01 May 2025, 19:29

Type Values Removed Values Added
First Time Php php
Php
CPE cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 3.1
CWE CWE-436
References () https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g - () https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g - Exploit, Vendor Advisory

01 Apr 2025, 20:26

Type Values Removed Values Added
Summary
  • (es) En PHP desde 8.1.* antes de 8.1.32, desde 8.2.* antes de 8.2.28, desde 8.3.* antes de 8.3.19, desde 8.4.* antes de 8.4.5, cuando el módulo de solicitud http analiza la respuesta HTTP obtenida de un servidor, los encabezados plegados se analizan incorrectamente, lo que puede llevar a una mala interpretación de la respuesta y al uso de encabezados incorrectos, tipos MIME, etc.

31 Mar 2025, 14:15

Type Values Removed Values Added
References () https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g - () https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g -

29 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-29 06:15

Updated : 2025-05-23 14:15

NVD link : CVE-2025-1217

Mitre link : CVE-2025-1217

CVE.ORG link : CVE-2025-1217

JSON object : View

Products Affected

php

  • php
CWE
CWE-20

Improper Input Validation

CWE-436

Interpretation Conflict