CVE-2025-1861

EPSS 0.1%
Veröffentlicht 30.03.2025 06:15:14
Zuletzt bearbeitet 02.07.2025 20:17:38
Quelle security@php.net
Teams Watchlist Login
Unerledigt Login

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Php Version >= 8.1.0 < 8.1.31

Php ≫ Php Version >= 8.2.0 < 8.2.26

Php ≫ Php Version >= 8.3.0 < 8.3.14

Php ≫ Php Version >= 8.4.0 < 8.4.5

Netapp ≫ Ontap Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@php.net	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250523-0005/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1861

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1861

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1861

EUVD