Vulnerability CVE-2025-1734: Information

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

Severity: MEDIUM (6.3)
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-1734
Published: March 30, 2025
Modified: Nov. 3, 2025
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
php8.1sisyphus_e2k8.1.32-alt18.1.34-alt1ALT-PU-2025-4716-1-Fixed
php8.1p118.1.32-alt18.1.34-alt1ALT-PU-2025-4377-2378017Fixed
php8.1p108.1.32-alt18.1.34-alt1ALT-PU-2025-4565-2378690Fixed
php8.1p10_e2k8.1.32-alt18.1.34-alt1ALT-PU-2025-5263-1-Fixed
php8.1c10f28.1.32-alt18.1.34-alt1ALT-PU-2025-4404-3378018Fixed
php8.1-soapp118.1.32-alt18.1.34-alt1ALT-PU-2025-16487-1378017Fixed
php8.1-soapp108.1.32-alt18.1.34-alt1ALT-PU-2025-16583-1378690Fixed
php8.1-soapc10f28.1.32-alt18.1.34-alt1ALT-PU-2025-16536-1378018Fixed
php8.2sisyphus8.2.28-alt18.2.30-alt1ALT-PU-2025-4162-2377716Fixed
php8.2sisyphus_e2k8.2.28-alt18.2.30-alt1ALT-PU-2025-5258-1-Fixed
php8.2sisyphus_riscv648.2.28-alt18.2.30-alt1ALT-PU-2025-4249-1-Fixed
php8.2sisyphus_loongarch648.2.28-alt18.2.30-alt1ALT-PU-2025-4278-1-Fixed
php8.2p118.2.28-alt18.2.30-alt1ALT-PU-2025-4202-3377802Fixed
php8.2p108.2.28-alt18.2.30-alt1ALT-PU-2025-4317-3377999Fixed
php8.2p10_e2k8.2.28-alt18.2.30-alt1ALT-PU-2025-5261-1-Fixed
php8.2c10f28.2.28-alt18.2.30-alt1ALT-PU-2025-4322-3377997Fixed
php8.2-soapsisyphus8.2.28-alt18.2.30-alt1ALT-PU-2025-16896-1377716Fixed
php8.2-soapp118.2.28-alt18.2.30-alt1ALT-PU-2025-16436-1377802Fixed
php8.2-soapp108.2.28-alt18.2.30-alt1ALT-PU-2025-16576-1377999Fixed
php8.2-soapc10f28.2.28-alt18.2.30-alt1ALT-PU-2025-16542-1377997Fixed
php8.3sisyphus8.3.18-alt18.3.30-alt1ALT-PU-2025-4166-3377717Fixed
php8.3sisyphus_e2k8.3.18-alt18.3.30-alt1ALT-PU-2025-4715-1-Fixed
php8.3sisyphus_riscv648.3.18-alt18.3.30-alt1ALT-PU-2025-4336-1-Fixed
php8.3sisyphus_loongarch648.3.18-alt18.3.30-alt1ALT-PU-2025-4276-1-Fixed
php8.3p118.3.18-alt18.3.30-alt1ALT-PU-2025-4313-3377994Fixed
php8.3c10f28.3.24-alt18.3.29-alt1ALT-PU-2025-9946-3391354Fixed
php8.3-soapsisyphus8.3.19-alt18.3.30-alt1ALT-PU-2025-16684-1380069Fixed
php8.3-soapp118.3.19-alt18.3.30-alt1ALT-PU-2025-16496-1380092Fixed
php8.3-soapc10f28.3.24-alt18.3.29-alt1ALT-PU-2025-16547-1391354Fixed
php8.4sisyphus8.4.5-alt18.4.18-alt1ALT-PU-2025-4368-2377993Fixed
php8.4sisyphus_e2k8.4.5-alt18.4.17-alt1ALT-PU-2025-4713-1-Fixed
php8.4sisyphus_riscv648.4.5-alt18.4.18-alt1ALT-PU-2025-4389-1-Fixed
php8.4sisyphus_loongarch648.4.5-alt18.4.18-alt1ALT-PU-2025-4393-1-Fixed
php8.4p118.4.5-alt18.4.17-alt1ALT-PU-2025-4406-3378211Fixed
php8.4-soapsisyphus8.4.5-alt18.4.18-alt1ALT-PU-2025-16762-1377993Fixed
php8.4-soapp118.4.5-alt18.4.17-alt1ALT-PU-2025-16476-1378211Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44
  • Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html
    https://security.netapp.com/advisory/ntap-20250523-0009/
    • Third Party Advisory
    BDU:2025-02827
        1. cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
          Start including
          8.1.0
          End excluding
          8.1.32
          cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
          Start including
          8.2.0
          End excluding
          8.2.28
          cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
          Start including
          8.3.0
          End excluding
          8.3.19
          cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
          Start including
          8.4.0
          End excluding
          8.4.5
          cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
      Version: v26.2.2
      Back to top