First published: Thu Mar 13 2025(Updated: )
Fixed (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
Credit: security@php.net
Affected Software | Affected Version | How to fix |
---|---|---|
PHP | <8.2.28 | 8.2.28 |
debian/php7.4 | <=7.4.33-1+deb11u5 | 7.4.33-1+deb11u8 |
debian/php8.2 | <=8.2.26-1~deb12u1 | 8.2.28-1~deb12u1 |
debian/php8.4 | 8.4.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-1861 has been classified as a moderate severity vulnerability.
To fix CVE-2025-1861, update PHP to version 8.3.19 or later.
CVE-2025-1861 affects PHP versions up to 8.3.19.
CVE-2025-1861 addresses a security issue that allows the truncation of HTTP redirect locations to 1024 bytes.
There is no official workaround for CVE-2025-1861; updating to the fixed version is recommended.