// For flags

CVE-2025-1219

libxml streams use wrong content-type header when requesting a redirected resource

Severity Score

6.3
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling.

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that PHP incorrectly handle certain folded headers. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that PHP incorrectly handled certain headers. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS Ubuntu 24.10, and Ubuntu 24.04 LTS.

*Credits: Tim Düsterhus
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Attack Requirements
Present
Privileges Required
None
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
Low
None
Integrity
None
None
Availability
None
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2025-02-11 CVE Reserved
  • 2025-02-28 CVE Published
  • 2025-04-06 First Exploit
  • 2025-05-23 CVE Updated
  • 2025-06-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-1116: Inaccurate Comments
CAPEC
  • CAPEC-220: Client-Server Protocol Manipulation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
PHP Group
Search vendor "PHP Group"
 PHP
Search vendor "PHP Group" for product "PHP"
 >= 8.1.0 < 8.1.32
Search vendor "PHP Group" for product "PHP" and version " >= 8.1.0 < 8.1.32"
en
Affected
PHP Group
Search vendor "PHP Group"
 PHP
Search vendor "PHP Group" for product "PHP"
 >= 8.2.0 < 8.2.28
Search vendor "PHP Group" for product "PHP" and version " >= 8.2.0 < 8.2.28"
en
Affected
PHP Group
Search vendor "PHP Group"
 PHP
Search vendor "PHP Group" for product "PHP"
 >= 8.3.0 < 8.3.19
Search vendor "PHP Group" for product "PHP" and version " >= 8.3.0 < 8.3.19"
en
Affected
PHP Group
Search vendor "PHP Group"
 PHP
Search vendor "PHP Group" for product "PHP"
 >= 8.4.0 < 8.4.5
Search vendor "PHP Group" for product "PHP" and version " >= 8.4.0 < 8.4.5"
en
Affected