First published: Thu Mar 13 2025(Updated: )
Fixed (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.2.28 | 8.2.28 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | <=8.2.26-1~deb12u1 | 8.2.28-1~deb12u1 |
debian/php8.4 | 8.4.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-1734 has been classified as a moderate severity vulnerability.
To fix CVE-2025-1734, update PHP to version 8.3.19 or later.
CVE-2025-1734 affects PHP versions prior to 8.3.19.
Yes, CVE-2025-1734 can lead to unexpected behaviors in applications if not addressed.
Yes, CVE-2025-1734 is a documented vulnerability in the PHP changelog.