First published: Thu Mar 13 2025
Fixed (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.2.28 | 8.2.28 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | <=8.2.26-1~deb12u1 | 8.2.28-1~deb12u1 |
debian/php8.4 | 8.4.5-1 |
CVE-2025-1219 has a moderate severity level due to its potential impact on content-type headers in redirected requests.
To mitigate CVE-2025-1219, upgrade PHP to version 8.3.19 or later.
CVE-2025-1219 affects PHP versions prior to 8.3.19 that improperly handle content-type headers in libxml streams.
CVE-2025-1219 could potentially be exploited in a remote attack scenario if an attacker controls redirection.
The consequences of CVE-2025-1219 include the possibility of content manipulation and exposure to data integrity issues.