Invalid Header Handling Vulnerability in PHP Products
CVE-2025-1734
6.3MEDIUM
Summary
A vulnerability exists in PHP where HTTP headers missing a colon (:) are incorrectly recognized as valid headers across several versions. This flaw may lead applications to accept malformed headers, potentially compromising security and causing unexpected behavior. Developers are advised to monitor header validation closely to mitigate risks associated with this issue.
Affected Version(s)
PHP 8.1.*
PHP 8.1.* < 8.1.32
PHP 8.2.* < 8.2.28
References
CVSS V4
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jakub Zelenka