CVE-2025-1861

EPSS 0.11%
Published 30.03.2025 06:15:14
Last modified 02.07.2025 20:17:38
Source security@php.net
Teams watchlist Login
Open Login

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version >= 8.1.0 < 8.1.31

Php ≫ Php Version >= 8.2.0 < 8.2.26

Php ≫ Php Version >= 8.3.0 < 8.3.14

Php ≫ Php Version >= 8.4.0 < 8.4.5

Netapp ≫ Ontap Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.293

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@php.net	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250523-0005/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1861

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1861

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1861

EUVD