- Description
- In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
- Source
- security@php.net
- NVD status
- Modified
- Products
- php
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security@php.net
- CWE-918
- Hype score
- Not currently trending
🚨 CVE-2025-1220: PHP’s fsockopen() can be tricked with a null byte, allowing unauthenticated SSRF. Patch to 8.1.33 / 8.2.29 / 8.3.23 / 8.4.10 now! Full advisory ➡️ https://t.co/BqParijcma #PHP #infosec #AppSec
@VolerionSec
13 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33 https://t.co/xq1R6FQjZS CVE-2025-1735: pgsql extension does not check for errors during escaping CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension CVE-2025-1220: Null byte termination in hostnames
@oss_security
12 Jul 2025
289 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
kusanagi-php82 Module Update 8.2.29-1 KUSANAGI 9 modules have been updated. The updated modules are as follows: php 8.2.29-1 This update includes support for vulnerability(CVE-2025-1735, CVE-2025-6491, CVE-2025-1220). On the combination of PHP... https://t.co/CzA6vFZA2B
@kusanagi_saya
7 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
kusanagi-php83 Module Update 8.3.23-1 KUSANAGI 9 modules have been updated. The updated modules are as follows: php 8.3.23-1 This update includes support for vulnerability(CVE-2025-1735, CVE-2025-6491, CVE-2025-1220). The module update can be... https://t.co/y5NdfUo0JJ
@kusanagi_saya
7 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
kusanagi-php84 Module Update 8.4.10-1 KUSANAGI 9 modules have been updated. The updated modules are as follows: php 8.4.10-1 This update includes support for vulnerability(CVE-2025-1735, CVE-2025-6491, CVE-2025-1220). The module update can be... https://t.co/XUU5pUQSCc
@kusanagi_saya
7 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFFB7CE-0CB6-4229-8A83-D5994163F599",
"versionEndExcluding": "8.1.33",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0671DC7-C9E0-4CB9-8CBE-7C7D724A4E3F",
"versionEndExcluding": "8.2.29",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99142A2A-C510-477B-A090-DE73441BBFD0",
"versionEndExcluding": "8.3.23",
"versionStartIncluding": "8.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D8A8DF-85D3-435B-BB2B-F3D728575758",
"versionEndExcluding": "8.4.10",
"versionStartIncluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]