6.3

CVE-2025-1219

Exploit

libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 8.1.0 < 8.1.32
PhpPhp Version >= 8.2.0 < 8.2.28
PhpPhp Version >= 8.3.0 < 8.3.19
PhpPhp Version >= 8.4.0 < 8.4.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.493
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security@php.net 6.3 0 0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-1116 Inaccurate Source Code Comments

The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.

https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
Vendor Advisory
Exploit
https://security.netapp.com/advisory/ntap-20250523-0007/
https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html