Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2025-1734

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

  • Published: Mar 30, 2025
  • Updated: Jul 3, 2025
  • CVE: CVE-2025-1734
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

No CWE or OWASP classifications available.

Software From Fixed in
php / php 8.1.0 8.1.32
php / php 8.2.0 8.2.28
php / php 8.3.0 8.3.19
php / php 8.4.0 8.4.5
netapp / ontap 9 9.x