CVEFinder.io

CVE-2025-1734

🔶 medium
🔍 Scan for this CVE
Summary

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

CVSS Score
5.3
Medium
EPSS Score
0.4
Exploit Probability
Published Date
2025-03-30
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,456 vulnerabilities in our database.

#264,595
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 31, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Jakub Zelenka (reporter)
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-20

📦 Affected Products 5

Vendor Product Status Affected Versions
php php Affected
≥ 8.1.0 < 8.1.32
php php Affected
≥ 8.2.0 < 8.2.28
php php Affected
≥ 8.3.0 < 8.3.19
php php Affected
≥ 8.4.0 < 8.4.5
netapp ontap Affected
v9

🔗 References 3

https://github.com/php/php-src/security/advisories/G...
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/03...
https://security.netapp.com/advisory/ntap-20250523-0...
Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22052 🔶 medium 4.3 0.0 ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Success... 2026-03-05
CVE-2026-22050 🔶 medium 4.3 0.0 ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a ... 2026-01-12
CVE-2025-14177 ⚠️ high 7.5 0.0 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, ... 2025-12-27
CVE-2025-14178 🔶 medium 6.5 0.1 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, ... 2025-12-27
CVE-2025-14180 ⚠️ high 7.5 0.0 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w... 2025-12-27
CVE-2025-6491 🔶 medium 5.9 0.1 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data... 2025-07-13
These CVEs affect the same products