Vulnerabilities > CVE-2025-1219 - Unspecified vulnerability in PHP

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

php

NVD

Published: 2025-03-30

Updated: 2025-04-15

Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 8.1.0 PHP PHP 8.1.1 PHP PHP 8.1.2 PHP PHP 8.1.3 PHP PHP 8.1.4 PHP PHP 8.1.5 PHP PHP 8.1.6 PHP PHP 8.1.7 PHP PHP 8.1.8 PHP PHP 8.1.9 PHP PHP 8.1.10 PHP PHP 8.1.12 PHP PHP 8.1.13 PHP PHP 8.1.14 PHP PHP 8.1.15 PHP PHP 8.1.16 PHP PHP 8.1.17 PHP PHP 8.1.18 PHP PHP 8.1.19 PHP PHP 8.1.20 PHP PHP 8.1.21 PHP PHP 8.1.22 PHP PHP 8.1.23 PHP PHP 8.1.24 PHP PHP 8.1.25 PHP PHP 8.1.26 PHP PHP 8.1.27 PHP PHP 8.1.28 PHP PHP 8.1.29 PHP PHP 8.1.30 PHP PHP 8.1.31 PHP PHP 8.2.0 PHP PHP 8.2.1 PHP PHP 8.2.2 PHP PHP 8.2.3 PHP PHP 8.2.4 PHP PHP 8.2.5 PHP PHP 8.2.6 PHP PHP 8.2.7 PHP PHP 8.2.8 PHP PHP 8.2.9 PHP PHP 8.2.10 PHP PHP 8.2.11 PHP PHP 8.2.12 PHP PHP 8.2.13 PHP PHP 8.2.14 PHP PHP 8.2.15 PHP PHP 8.2.16 PHP PHP 8.2.17 PHP PHP 8.2.18 PHP PHP 8.2.19 PHP PHP 8.2.20 PHP PHP 8.2.21 PHP PHP 8.2.22 PHP PHP 8.2.23 PHP PHP 8.2.24 PHP PHP 8.2.25 PHP PHP 8.2.26 PHP PHP 8.3.0 PHP PHP 8.3.1 PHP PHP 8.3.2 PHP PHP 8.3.3 PHP PHP 8.3.4 PHP PHP 8.3.5 PHP PHP 8.3.6 PHP PHP 8.3.7 PHP PHP 8.3.8 PHP PHP 8.3.9 PHP PHP 8.3.10 PHP PHP 8.3.11 PHP PHP 8.3.12 PHP PHP 8.3.13 PHP PHP 8.3.14 PHP PHP *	168

Summary

Vulnerable Configurations

References