216.73.216.226

CVE-2025-1219

· Published 30/03/2025 06:15 · Modified 31/03/2025 13:15

Labels: CVE-2025-1219 2025-03-30CVE-2025-1219CWE-1116[email protected]

Essential information

Published
30/03/2025 06:15
Modified
31/03/2025 13:15
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
php / php cpe:2.3:a:php:php:8.1.*:*:*:*:*:*:*:*
php / php cpe:2.3:a:php:php:8.2.*:*:*:*:*:*:*:*
php / php cpe:2.3:a:php:php:8.3.*:*:*:*:*:*:*:*
php / php cpe:2.3:a:php:php:8.4.*:*:*:*:*:*:*:*

References