CVE-2025-1217

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1217

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1217.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1217

Aliases

Downstream

BELL-CVE-2025-1217

DEBIAN-CVE-2025-1217

DLA-4088-1

DSA-5878-1

MINI-3vx7-wpcq-hqcm

MINI-6rhx-5g6r-pm4c

MINI-j2q9-wj76-m2p7

MINI-p39m-87r6-jfpf

OESA-2025-1302

OESA-2025-1303

OESA-2025-1304

OESA-2025-1305

OESA-2025-1306

RHSA-2025:15687

RHSA-2025:4263

RHSA-2025:7418

RHSA-2025:7431

RHSA-2025:7432

RHSA-2025:7489

RLSA-2025:4263

RLSA-2025:7418

RLSA-2025:7431

RLSA-2025:7432

RLSA-2025:7489

SUSE-SU-2025:0994-1

SUSE-SU-2025:1012-1

SUSE-SU-2025:1025-1

SUSE-SU-2025:1026-1

UBUNTU-CVE-2025-1217

USN-7400-1

USN-7645-1

openSUSE-SU-2025:14895-1

Related

Published

2025-03-29T06:15:36Z

Modified

2025-08-11T15:13:39.532924Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115

Fixed

aa4bed90d8927de8c2648ea5f3f4a32c56301b71