{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1219", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2025-02-11T04:52:06.072Z", "datePublished": "2025-03-30T05:33:13.801Z", "dateUpdated": "2025-03-31T13:10:25.062Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.1.32", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.28", "status": "affected", "version": "8.2.*", "versionType": "semver"}, {"lessThan": "8.3.19", "status": "affected", "version": "8.3.*", "versionType": "semver"}, {"lessThan": "8.4.5", "status": "affected", "version": "8.4.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Tim D\u00fcsterhus"}], "datePublic": "2025-03-13T17:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, w<span style=\"background-color: rgb(255, 255, 255);\">hen requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong </span><code>content-type</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.&nbsp;</span></p>"}], "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations."}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-03-30T05:33:13.801Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"}], "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7", "discovery": "INTERNAL"}, "title": "libxml streams use wrong content-type header when requesting a redirected resource", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1116", "lang": "en", "description": "CWE-1116 Inaccurate Comments"}]}], "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T13:10:21.300276Z", "id": "CVE-2025-1219", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T13:10:25.062Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "libxml streams use wrong content-type header when requesting a redirected resource", "source": {"advisory": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Tim D\u00fcsterhus"}], "impacts": [{"capecId": "CAPEC-220", "descriptions": [{"lang": "en", "value": "CAPEC-220 Client-Server Protocol Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"status": "affected", "version": "8.1.*", "lessThan": "8.1.32", "versionType": "semver"}, {"status": "affected", "version": "8.2.*", "lessThan": "8.2.28", "versionType": "semver"}, {"status": "affected", "version": "8.3.*", "lessThan": "8.3.19", "versionType": "semver"}, {"status": "affected", "version": "8.4.*", "lessThan": "8.4.5", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2025-03-13T17:44:00.000Z", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.", "supportingMedia": [{"type": "text/html", "value": "<p>In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, w<span style=\"background-color: rgb(255, 255, 255);\">hen requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong </span><code>content-type</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.&nbsp;</span></p>", "base64": false}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-03-30T05:33:13.801Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1219", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T13:10:21.300276Z"}}}], "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1116", "description": "CWE-1116 Inaccurate Comments"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-03-31T13:09:37.929Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-1219", "state": "PUBLISHED", "dateUpdated": "2025-03-30T05:33:13.801Z", "dateReserved": "2025-02-11T04:52:06.072Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2025-03-30T05:33:13.801Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations."}, {"lang": "es", "value": "En PHP (versi\u00f3n 8.1.* anterior a 8.1.32, 8.2.* anterior a 8.2.28, 8.3.* anterior a 8.3.19 y 8.4.* anterior a 8.4.5), al solicitar un recurso HTTP mediante las extensiones DOM o SimpleXML, se utiliza un encabezado de tipo de contenido incorrecto para determinar el conjunto de caracteres cuando el recurso solicitado realiza una redirecci\u00f3n. Esto puede provocar que el documento resultante se analice incorrectamente o que se omitan las validaciones."}], "id": "CVE-2025-1219", "lastModified": "2025-04-01T20:26:30.593", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@php.net", "type": "Secondary"}]}, "published": "2025-03-30T06:15:13.570", "references": [{"source": "security@php.net", "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1116"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "php: libxml streams use wrong content-type header when requesting a redirected resource", "id": "2356043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type\u00a0header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.", "A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-1219", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php:8.1/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php:8.3/php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-30T05:33:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1219\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1219\nhttps://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"], "threat_severity": "Moderate"}