Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2025-1736

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

  • Published: Mar 30, 2025
  • Updated: Jul 3, 2025
  • CVE: CVE-2025-1736
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

No CWE or OWASP classifications available.

Software From Fixed in
php / php 8.1.0 8.1.32
php / php 8.2.0 8.2.28
php / php 8.3.0 8.3.19
php / php 8.4.0 8.4.5
netapp / ontap 9 9.x