PT-2025-11347 · Php+11
Jakub Zelenka · Published 2025-01-01 · Updated 2026-03-06 · CVE-2025-1861
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Report
Name of the Vulnerable Software and Affected Versions
PHP versions 8.1.0 through 8.1.31
PHP versions 8.2.0 through 8.2.27
PHP versions 8.3.0 through 8.3.18
PHP versions 8.4.0 through 8.4.4
PHP 7.4 (Debian)
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A vulnerability exists in PHP because the location buffer used when parsing HTTP redirects has a limited size. As a result, the redirect URL can be truncated incorrectly, and the request is redirected to the wrong location.
Recommendations
PHP versions 8.1.0 through 8.1.31: Upgrade to version 8.1.32 or later.
PHP versions 8.2.0 through 8.2.27: Upgrade to version 8.2.28 or later.
PHP versions 8.3.0 through 8.3.18: Upgrade to version 8.3.19 or later.
PHP versions 8.4.0 through 8.4.4: Upgrade to version 8.4.5 or later.
PHP 7.4 (Debian): Upgrade to a newer version.
Fix
RCE
DoS
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu