CVE-2025-1736

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1736
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 Vendor Advisory
https://security.netapp.com/advisory/ntap-20250523-0006/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
History

02 Jul 2025, 20:14

Type Values Removed Values Added
First Time Netapp
Php
Php php
Netapp ontap
References () https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 - () https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20250523-0006/ - () https://security.netapp.com/advisory/ntap-20250523-0006/ - Third Party Advisory
CPE cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3

23 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20250523-0006/ -

01 Apr 2025, 20:26

Type Values Removed Values Added
Summary
  • (es) En PHP desde 8.1.* antes de 8.1.32, desde 8.2.* antes de 8.2.28, desde 8.3.* antes de 8.3.19, desde 8.4.* antes de 8.4.5, cuando se envían encabezados proporcionados por el usuario, la validación insuficiente de los caracteres de final de línea puede impedir que se envíen ciertos encabezados o provocar que ciertos encabezados se malinterpreten.

30 Mar 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-30 06:15

Updated : 2025-07-02 20:14

NVD link : CVE-2025-1736

Mitre link : CVE-2025-1736

CVE.ORG link : CVE-2025-1736

JSON object : View

Products Affected

netapp

  • ontap

php

  • php
CWE
CWE-20

Improper Input Validation