Improper Content-Type Handling in PHP Affecting Multiple Versions
CVE-2025-1219

6.3MEDIUM

Key Information:

Vendor
PHP Group
Status
PHP
Vendor
CVE Published:
30 March 2025

Badges

📈 Score: 1,310👾 Exploit Exists📰 News Worthy

What is CVE-2025-1219?

CVE-2025-1219 is a vulnerability affecting multiple versions of the PHP programming language, which is widely used for server-side web development. This vulnerability arises from improper handling of the Content-Type header when requesting HTTP resources through the DOM or SimpleXML extensions. As a result, incorrect charset determinations can lead to improper parsing of documents or validation bypasses. Organizations relying on PHP for web applications may face significant risks if this vulnerability is exploited, potentially compromising the integrity and security of their systems.

Technical Details

The vulnerability specifically impacts versions of PHP prior to 8.1.32, 8.2.28, 8.3.19, and 8.4.5. When a redirect occurs during an HTTP resource request, the application may use an incorrect Content-Type header, leading to unpredictable behavior in how resources are processed. This flaw can undermine the expected operations of web applications, particularly those leveraging the aforementioned PHP extensions. It is essential for developers and system administrators working with affected PHP versions to be aware of this issue to implement appropriate mitigations.

Potential impact of CVE-2025-1219

  1. Data Integrity Risks: The improper parsing of documents could result in corrupt data being processed or stored, leading to potential inaccuracies and reliability issues within applications.

  2. Validation Bypass: Attackers could exploit this vulnerability to bypass security validations that are crucial for maintaining application integrity, potentially allowing unauthorized access to sensitive data.

  3. Increased Attack Surface: By enabling the misinterpretation of content types, this flaw could broaden the avenues through which attackers can target an organization’s web applications, escalating the risk of broader exploitation strategies.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.32

PHP 8.2.* < 8.2.28

News Articles

favicon imageCybersecurityNews

Critical PHP Vulnerability Let Hackers Bypass the Validation To Load Malicious Content 

A critical vulnerability in PHP's libxml streams has been identified, potentially impacting web applications that rely on the DOM or SimpleXML extensions for HTTP requests.

References

https://github.com/php/php-src/security/advisories/GHSA-p...

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Düsterhus
.
CVE-2025-1219 : Improper Content-Type Handling in PHP Affecting Multiple Versions | SecurityVulnerability.io