VDB
DEBIAN-CVE-2025-1217
DEBIAN-CVE-2025-1217
PUBLISHED
CVSS 3.0999999046325684 LOW
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 0, 7.4.21-1+deb11u1, 7.4.26-1 |
| Debian:12 | php8.2 | 0, 8.2.10-1, 8.2.10-2 |
| Debian:14 | php8.4 | 0, 0 |
| Debian:13 | php8.4 | 0, 0 |
Exploit Intelligence
- index.php (github-poc)
- cve_db.json (github-poc)
Timeline
- Mar 29, 2025 CVE Published
- Apr 28, 2026 CVE Updated