5.3

CVE-2025-24013

EPSS 0.2%
Veröffentlicht 20.01.2025 16:15:28
Zuletzt bearbeitet 01.08.2025 19:17:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codeigniter ≫ Codeigniter Version < 4.5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.417

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-436 Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

https://github.com/advisories/GHSA-wxmh-65f7-jcvw

Not Applicable

https://datatracker.ietf.org/doc/html/rfc7230#section-3.2

Technical Description

https://github.com/codeigniter4/CodeIgniter4/commit/5f8aa24280fb09947897d6b322bf1f0e038b13b6

Patch

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-24013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24013

EUVD