First published: Thu Mar 13 2025(Updated: )
Fixed (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.2.28 | 8.2.28 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | <=8.2.26-1~deb12u1 | 8.2.28-1~deb12u1 |
debian/php8.4 | 8.4.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-1217 has been rated as a moderate severity vulnerability affecting the header parser of the HTTP stream wrapper.
To fix CVE-2025-1217, upgrade your PHP version to 8.3.19 or later.
CVE-2025-1217 affects the header parser functionality within the HTTP stream wrapper of PHP.
Yes, CVE-2025-1217 can be exploited to manipulate HTTP header handling, potentially leading to security issues in PHP applications.
PHP versions below 8.3.19 are vulnerable to CVE-2025-1217.