{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1220", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2025-02-11T04:54:48.211Z", "datePublished": "2025-07-13T22:18:36.974Z", "dateUpdated": "2025-11-04T21:09:17.792Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.1.33", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.29", "status": "affected", "version": "8.2.*", "versionType": "semver"}, {"lessThan": "8.3.23", "status": "affected", "version": "8.3.*", "versionType": "semver"}, {"lessThan": "8.4.10", "status": "affected", "version": "8.4.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jihwan Kim"}], "datePublic": "2025-07-03T12:27:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. "}], "value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-07-13T22:18:36.974Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"}], "source": {"advisory": "GHSA-453j-q27h-5p8x", "discovery": "EXTERNAL"}, "title": "Null byte termination in hostnames", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-14T15:58:46.330104Z", "id": "CVE-2025-1220", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T15:58:49.718Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:09:17.792Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/11/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:09:17.792Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1220", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-14T15:58:46.330104Z"}}}], "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T15:58:40.498Z"}}], "cna": {"title": "Null byte termination in hostnames", "source": {"advisory": "GHSA-453j-q27h-5p8x", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Jihwan Kim"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"status": "affected", "version": "8.1.*", "lessThan": "8.1.33", "versionType": "semver"}, {"status": "affected", "version": "8.2.*", "lessThan": "8.2.29", "versionType": "semver"}, {"status": "affected", "version": "8.3.*", "lessThan": "8.3.23", "versionType": "semver"}, {"status": "affected", "version": "8.4.*", "lessThan": "8.4.10", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2025-07-03T12:27:00.000Z", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.", "supportingMedia": [{"type": "text/html", "value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-07-13T22:18:36.974Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1220", "state": "PUBLISHED", "dateUpdated": "2025-11-04T21:09:17.792Z", "dateReserved": "2025-02-11T04:54:48.211Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2025-07-13T22:18:36.974Z", "assignerShortName": "php"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DFFB7CE-0CB6-4229-8A83-D5994163F599", "versionEndExcluding": "8.1.33", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0671DC7-C9E0-4CB9-8CBE-7C7D724A4E3F", "versionEndExcluding": "8.2.29", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "99142A2A-C510-477B-A090-DE73441BBFD0", "versionEndExcluding": "8.3.23", "versionStartIncluding": "8.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "61D8A8DF-85D3-435B-BB2B-F3D728575758", "versionEndExcluding": "8.4.10", "versionStartIncluding": "8.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a la 8.1.33, 8.2.* anteriores a la 8.2.29, 8.3.* anteriores a la 8.3.23 y 8.4.* anteriores a la 8.4.10, algunas funciones como fsockopen() carecen de validaci\u00f3n para verificar que el nombre de host proporcionado no contenga caracteres nulos. Esto puede provocar que otras funciones como parse_url() traten el nombre de host de forma diferente, lo que genera problemas de seguridad si el c\u00f3digo de usuario implementa comprobaciones de acceso antes de acceder mediante dichas funciones."}], "id": "CVE-2025-1220", "lastModified": "2025-11-04T22:16:06.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-13T23:15:22.773", "references": [{"source": "security@php.net", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/07/11/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@php.net", "type": "Secondary"}]}

{"bugzilla": {"description": "php: PHP Hostname Null Character Vulnerability", "id": "2379792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379792"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-1220", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "php:8.3/php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-13T22:18:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1220\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1220\nhttps://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"], "statement": "PHP does not classify this issue as a security issue because users are expected to sanitize the input. Nevertheless this was considered as a low impact security issue as a precaution for users that do not do that.", "threat_severity": "Low"}

{"created": "2025-07-14T22:45:21.460171+00:00", "updated": "2025-07-14T22:45:21.460246+00:00", "vendors": ["php", "php$PRODUCT$php"]}