Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.

Remediation

References

CVE-2025-1736

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2787)

MediaWiki Other Vulnerability (CVE-2013-4567)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32809)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.4)

Oracle HTTP Server CVE-2023-22019 Vulnerability (CVE-2023-22019)

Severity

High

Classification

CVE-2025-1736 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities