CVE-2025-1734

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

History

02 Jul 2025, 20:13

Type Values Removed Values Added
First Time Netapp
Php
Php php
Netapp ontap
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
References () https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 - () https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20250523-0009/ - () https://security.netapp.com/advisory/ntap-20250523-0009/ - Third Party Advisory

23 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250523-0009/ -

01 Apr 2025, 20:26

Type Values Removed Values Added
Summary
  • (es) En PHP (versión 8.1.* anterior a 8.1.32, 8.2.* anterior a 8.2.28, 8.3.* anterior a 8.3.19 y 8.4.* anterior a 8.4.5), al recibir encabezados del servidor HTTP, los encabezados sin dos puntos (:) se consideran válidos, aunque no lo sean. Esto puede confundir a las aplicaciones y hacer que acepten encabezados no válidos.

30 Mar 2025, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-30 06:15

Updated : 2025-07-02 20:13


NVD link : CVE-2025-1734

Mitre link : CVE-2025-1734

CVE.ORG link : CVE-2025-1734


JSON object : View

Products Affected

netapp

  • ontap

php

  • php
CWE
CWE-20

Improper Input Validation