CVE-2025-1219
📋 TL;DR
This vulnerability in PHP's DOM and SimpleXML extensions causes incorrect charset detection when processing HTTP resources that redirect, potentially leading to parsing errors or validation bypasses. It affects PHP applications using these extensions to fetch external resources. Systems running vulnerable PHP versions are at risk.
💻 Affected Systems
- PHP
📦 What is this software?
PHP by PHP
⚠️ Risk & Real-World Impact
Worst Case
Attackers could bypass input validation or cause incorrect parsing leading to data corruption, injection attacks, or application crashes.
Likely Case
Parsing errors causing application instability or minor data corruption when fetching redirected resources.
If Mitigated
Limited impact if applications don't use DOM/SimpleXML for external HTTP requests or have additional validation layers.
🎯 Exploit Status
Exploitation requires control over HTTP resources being fetched and their redirect behavior.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PHP 8.1.32, 8.2.28, 8.3.19, 8.4.5
Vendor Advisory: https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
Restart Required: Yes
Instructions:
1. Identify the PHP version with 'php -v'.
2. Update PHP using your package manager (apt, yum, etc.).
3. Restart the web server (Apache, Nginx, PHP-FPM).
4. Verify the update with 'php -v'.
🔧 Temporary Workarounds
Disable external entity loading
Prevent DOM/SimpleXML from fetching external HTTP resources:
// Deprecated since PHP 8.0, where external entity loading is already disabled by default
libxml_disable_entity_loader(true);
Validate URLs before processing
Implement strict URL validation so that only trusted sources are fetched
🧯 If You Can't Patch
- Implement strict input validation for all data processed by DOM/SimpleXML extensions
- Disable or restrict usage of DOM/SimpleXML for fetching external HTTP resources
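As an added illustration of the "Validate URLs before processing" workaround and the two mitigations above (example code, not from the advisory or from php-src), the following PHP fetches the XML through the http stream wrapper with automatic redirects turned off, re-checks every hop against an allowlist, and parses from a string with LIBXML_NONET so libxml never sees a redirect hop's headers. ALLOWED_XML_HOSTS, fetchXmlStrict and feeds.example.com are constructed names, and the dom and mbstring extensions are assumed to be loaded.

```php
<?php
// Added example (not code from the advisory or php-src): fetch the XML with
// the http stream wrapper, never auto-follow redirects, and parse a string.
declare(strict_types=1);
// Hosts this application may fetch XML from (constructed allowlist).
const ALLOWED_XML_HOSTS = ['feeds.example.com'];
function fetchXmlStrict(string $url, int $maxRedirects = 3): DOMDocument
{
    for ($hop = 0; $hop <= $maxRedirects; $hop++) {
        $p = parse_url($url);
        if (($p['scheme'] ?? '') !== 'https' || !in_array($p['host'] ?? '', ALLOWED_XML_HOSTS, true)) {
            throw new RuntimeException("Refusing to fetch $url: not an allowlisted https host");
        }
        // follow_location => 0: we decide whether to follow, and every hop is re-checked above.
        $ctx = stream_context_create(['http' => [
            'follow_location' => 0, 'ignore_errors' => true, 'timeout' => 5,
        ]]);
        $body = file_get_contents($url, false, $ctx);
        if ($body === false) {
            throw new RuntimeException("Fetch failed for $url");
        }
        // $http_response_header holds the headers of the response actually received on this hop.
        $status = preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m) ? (int) $m[1] : 0;
        $headers = [];
        foreach (array_slice($http_response_header, 1) as $line) {
            [$k, $v] = array_map('trim', explode(':', $line, 2) + [1 => '']);
            $headers[strtolower($k)] = $v;
        }
        if ($status >= 300 && $status < 400 && isset($headers['location'])) {
            $url = $headers['location'];
            continue;
        }
        if ($status !== 200) {
            throw new RuntimeException("Unexpected HTTP status $status from $url");
        }
        // Use the final response's charset only when the document declares none itself.
        $ct = $headers['content-type'] ?? '';
        if (preg_match('/charset=([\w.-]+)/i', $ct, $m) && !preg_match('/^\s*<\?xml[^>]*encoding=/i', $body)) {
            $body = mb_convert_encoding($body, 'UTF-8', $m[1]);
        }
        $doc = new DOMDocument();
        // LIBXML_NONET: the parser itself makes no network requests for DTDs or entities.
        if (!$doc->loadXML($body, LIBXML_NONET)) {
            throw new RuntimeException("Malformed XML from $url");
        }
        return $doc;
    }
    throw new RuntimeException("Too many redirects starting from $url");
}
```

Because the body is passed to loadXML() as a string, the same approach works for SimpleXML via simplexml_load_string() instead of simplexml_load_file() with a URL.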
🔍 How to Verify
Check if Vulnerable:
Run 'php -v' and check if version matches affected ranges: 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4
Check Version:
php -v | grep 'PHP'
Verify Fix Applied:
After update, confirm version is 8.1.32+, 8.2.28+, 8.3.19+, or 8.4.5+ with 'php -v'
📡 Detection & Monitoring
Log Indicators:
- Errors in PHP logs related to DOM/SimpleXML parsing
- Unexpected charset conversion errors
- Increased failed HTTP requests to external resources
Network Indicators:
- Unusual HTTP requests to external domains from PHP processes
- Multiple redirects followed by parsing errors
SIEM Query:
source="php_error.log" AND ("DOM" OR "SimpleXML") AND ("charset" OR "redirect" OR "parsing")