Invalid Header Handling Vulnerability in PHP Products
CVE-2025-1734

6.3MEDIUM

Key Information:

Vendor

PHP Group

Status
Vendor
CVE Published:
30 March 2025

What is CVE-2025-1734?

A vulnerability exists in PHP where HTTP headers missing a colon (:) are incorrectly recognized as valid headers across several versions. This flaw may lead applications to accept malformed headers, potentially compromising security and causing unexpected behavior. Developers are advised to monitor header validation closely to mitigate risks associated with this issue.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.32

PHP 8.2.* < 8.2.28

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Zelenka
.
CVE-2025-1734 : Invalid Header Handling Vulnerability in PHP Products