PT-2025-11344 · PHP +11
Tim Düsterhus · Published 2025-01-01 · Updated 2026-02-10 · CVE-2025-1219
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
PHP versions 8.1.* through 8.1.31
PHP versions 8.2.* through 8.2.27
PHP versions 8.3.* through 8.3.18
PHP versions 8.4.* through 8.4.4
Description
The issue is related to using the wrong Content-Type header to determine the charset when a requested resource performs a redirect, which can cause the resulting document to be parsed incorrectly or to bypass validations. This can occur when requesting an HTTP resource using the DOM or SimpleXML extensions in PHP. The vulnerability may allow a remote attacker to redirect a user to an arbitrary URL.
Recommendations
Update PHP to version 8.1.32 or later for versions 8.1.*
Update PHP to version 8.2.28 or later for versions 8.2.*
Update PHP to version 8.3.19 or later for versions 8.3.*
Update PHP to version 8.4.5 or later for versions 8.4.*
Open Redirect
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
PHP
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu