Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

  • Published: Mar 30, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2025-1219
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

No CWE or OWASP classifications available.

Software From Fixed in
php / php 8.1.0 8.1.32
php / php 8.2.0 8.2.28
php / php 8.3.0 8.3.19
php / php 8.4.0 8.4.5