CVE-2025-24013

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.5.8

Description The issue is related to improper header validation for the name and value, which could allow a potential attacker to construct deliberately malformed headers using the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application.

Recommendations For CodeIgniter versions prior to 4.5.8, update to version 4.5.8 to resolve the issue. As a temporary workaround, consider restricting the use of the Header class to minimize the risk of exploitation. Avoid using the character in header names and values until the issue is resolved.