← voltar
CVE-2025-1219

libxml streams use wrong content-type header when requesting a redirected resource

CVSS 6.3 MEDIUMEPSS 0.7%CWE-1116
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
PHP Group · PHP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfchttps://lists.debian.org/debian-lts-announce/2025/03/msg00014.htmlhttps://security.netapp.com/advisory/ntap-20250523-0007/