VDB

DEBIAN-CVE-2025-1217

DEBIAN-CVE-2025-1217 PUBLISHED CVSS 3.0999999046325684 LOW

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

Risk Scores

CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Debian:11php7.40, 7.4.21-1+deb11u1, 7.4.26-1
Debian:12php8.20, 8.2.10-1, 8.2.10-2
Debian:14php8.40, 0
Debian:13php8.40, 0

Exploit Intelligence

Timeline

  • Mar 29, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›