Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities Web Discovery

PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-1220) - Web Application Vulnerabilities | Invicti

cve-2025-1220phpssrf
  • What: A Server-Side Request Forgery (SSRF) vulnerability exists in PHP due to insufficient validation of hostnames in functions like fsockopen().
  • Impact: This can allow attackers to bypass access checks and potentially access internal resources.
Read Full Article →

PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-1220) - Vulnerability Database PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-1220) Description In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions. References CVE-2025-1220 Related Vulnerabilities Severity Medium Classification CVE-2025-1220 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities

Related Articles

MEDIUM Snyk Vulnerability Database | Snyk Web Discovery MEDIUM [UPDATE] [hoch] PHP: Mehrere Schwachstellen BSI Germany HIGH PHP Server-Side Request Forgery (SSRF) | Security Vulnerability Database | Sourcery Web Discovery
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn