wid-sec-w-2025-1460
Vulnerability from csaf_certbund
Published
2025-07-03 22:00
Modified
2025-08-04 22:00
Summary
PHP: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Denial of Service oder Server-Side Request-Forgery Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Denial of Service oder Server-Side Request-Forgery Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1460 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1460.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1460 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1460"
},
{
"category": "external",
"summary": "PHP 8 Changelog vom 2025-07-03",
"url": "https://www.php.net/ChangeLog-8.php"
},
{
"category": "external",
"summary": "PHP 8.1.33 Release vom 2025-07-03",
"url": "https://php.net/releases/8_1_33.php"
},
{
"category": "external",
"summary": "PHP 8.2.29 Release vom 2025-07-03",
"url": "https://php.net/releases/8_2_29.php"
},
{
"category": "external",
"summary": "PHP 8.3.23 Release vom 2025-07-03",
"url": "https://php.net/releases/8_3_23.php"
},
{
"category": "external",
"summary": "PHP 8.4.10 Release vom 2025-07-03",
"url": "https://php.net/releases/8_4_10.php"
},
{
"category": "external",
"summary": "GitHub PHP Security Advisory GHSA-3cr5-j632-f35r vom 2025-07-03 mit PoC",
"url": "https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"
},
{
"category": "external",
"summary": "GitHub PHP Security Advisory GHSA-hrwm-9436-5mv3 vom 2025-07-03",
"url": "https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3"
},
{
"category": "external",
"summary": "GitHub PHP Security Advisory GHSA-453j-q27h-5p8x vom 2025-07-03 mit PoC",
"url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2C344545BF vom 2025-07-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2c344545bf"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DA047483D8 vom 2025-07-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-da047483d8"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15340-1 vom 2025-07-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TRR3JOFR4DCRDMX2C2ZBJLRM6MMU5JAJ/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-07-16",
"url": "https://docs.cpanel.net/changelogs/118-change-log/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-07-16",
"url": "https://docs.cpanel.net/changelogs/110-change-log/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-07-16",
"url": "https://docs.cpanel.net/changelogs/126-change-log/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-07-16",
"url": "https://docs.cpanel.net/changelogs/128-change-log/"
},
{
"category": "external",
"summary": "cPanel Change Log vom 2025-07-16",
"url": "https://docs.cpanel.net/changelogs/130-change-log/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7648-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7648-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02462-1 vom 2025-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021926.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02463-1 vom 2025-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021925.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02473-1 vom 2025-07-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021948.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02474-1 vom 2025-07-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021947.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4254 vom 2025-07-27",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5967 vom 2025-07-29",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00131.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2PHP8.2-2025-008 vom 2025-08-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2PHP8.2-2025-008.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2PHP8.1-2025-007 vom 2025-08-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2PHP8.1-2025-007.html"
}
],
"source_lang": "en-US",
"title": "PHP: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-04T22:00:00.000+00:00",
"generator": {
"date": "2025-08-05T07:21:25.474+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1460",
"initial_release_date": "2025-07-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von European Union Vulnerability Database und openSUSE aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-27T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-04T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.33",
"product": {
"name": "Open Source PHP \u003c8.1.33",
"product_id": "T045045"
}
},
{
"category": "product_version",
"name": "8.1.33",
"product": {
"name": "Open Source PHP 8.1.33",
"product_id": "T045045-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:8.1.33"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.29",
"product": {
"name": "Open Source PHP \u003c8.2.29",
"product_id": "T045046"
}
},
{
"category": "product_version",
"name": "8.2.29",
"product": {
"name": "Open Source PHP 8.2.29",
"product_id": "T045046-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:8.2.29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.23",
"product": {
"name": "Open Source PHP \u003c8.3.23",
"product_id": "T045048"
}
},
{
"category": "product_version",
"name": "8.3.23",
"product": {
"name": "Open Source PHP 8.3.23",
"product_id": "T045048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:8.3.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.4.10",
"product": {
"name": "Open Source PHP \u003c8.4.10",
"product_id": "T045049"
}
},
{
"category": "product_version",
"name": "8.4.10",
"product": {
"name": "Open Source PHP 8.4.10",
"product_id": "T045049-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:8.4.10"
}
}
}
],
"category": "product_name",
"name": "PHP"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c110.0.70",
"product": {
"name": "cPanel cPanel/WHM \u003c110.0.70",
"product_id": "T045471"
}
},
{
"category": "product_version",
"name": "110.0.70",
"product": {
"name": "cPanel cPanel/WHM 110.0.70",
"product_id": "T045471-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:110.0.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c118.0.52",
"product": {
"name": "cPanel cPanel/WHM \u003c118.0.52",
"product_id": "T045472"
}
},
{
"category": "product_version",
"name": "118.0.52",
"product": {
"name": "cPanel cPanel/WHM 118.0.52",
"product_id": "T045472-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:118.0.52"
}
}
},
{
"category": "product_version_range",
"name": "\u003c126.0.27",
"product": {
"name": "cPanel cPanel/WHM \u003c126.0.27",
"product_id": "T045473"
}
},
{
"category": "product_version",
"name": "126.0.27",
"product": {
"name": "cPanel cPanel/WHM 126.0.27",
"product_id": "T045473-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:126.0.27"
}
}
},
{
"category": "product_version_range",
"name": "\u003c128.0.17",
"product": {
"name": "cPanel cPanel/WHM \u003c128.0.17",
"product_id": "T045474"
}
},
{
"category": "product_version",
"name": "128.0.17",
"product": {
"name": "cPanel cPanel/WHM 128.0.17",
"product_id": "T045474-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:128.0.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c130.0.3",
"product": {
"name": "cPanel cPanel/WHM \u003c130.0.3",
"product_id": "T045475"
}
},
{
"category": "product_version",
"name": "130.0.3",
"product": {
"name": "cPanel cPanel/WHM 130.0.3",
"product_id": "T045475-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cpanel:cpanel_whm:130.0.3"
}
}
}
],
"category": "product_name",
"name": "cPanel/WHM"
}
],
"category": "vendor",
"name": "cPanel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1220",
"product_status": {
"known_affected": [
"74185",
"T045049",
"2951",
"T002207",
"T000126",
"T027843",
"T045471",
"398363",
"T045473",
"T045472",
"T045046",
"T045475",
"T045045",
"T045474",
"T045048"
]
},
"release_date": "2025-07-03T22:00:00.000+00:00",
"title": "CVE-2025-1220"
},
{
"cve": "CVE-2025-1735",
"product_status": {
"known_affected": [
"74185",
"T045049",
"2951",
"T002207",
"T000126",
"T027843",
"T045471",
"398363",
"T045473",
"T045472",
"T045046",
"T045475",
"T045045",
"T045474",
"T045048"
]
},
"release_date": "2025-07-03T22:00:00.000+00:00",
"title": "CVE-2025-1735"
},
{
"cve": "CVE-2025-6491",
"product_status": {
"known_affected": [
"74185",
"T045049",
"2951",
"T002207",
"T000126",
"T027843",
"T045471",
"398363",
"T045473",
"T045472",
"T045046",
"T045475",
"T045045",
"T045474",
"T045048"
]
},
"release_date": "2025-07-03T22:00:00.000+00:00",
"title": "CVE-2025-6491"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…