CVE-2025-1219: 
PHP vulnerability analysis and mitigation

In PHP versions 8.1. before 8.1.32, 8.2. before 8.2.28, 8.3. before 8.3.19, and 8.4. before 8.4.5, a vulnerability was identified in the DOM and SimpleXML extensions when handling HTTP resources with redirects. The issue stems from incorrect handling of content-type headers during HTTP redirects, which can lead to improper document parsing or validation bypass (PHP Advisory).

The vulnerability occurs when the HTTP stream wrapper follows a redirect but fails to clear the list of captured headers before performing subsequent requests. As a result, the response headers array contains headers from multiple requests concatenated together. The phplibxmlinputbuffercreatefilename() and phplibxmlsniffcharsetfromstream() functions scan this header array from top to bottom and return after finding the first content-type header, which may not correspond to the actual HTML body being parsed. The vulnerability has been assigned a CVSS 4.0 Base Score of 6.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N (PHP Advisory, NVD).

The vulnerability allows attackers to manipulate document parsing, potentially changing the meaning of processed documents and bypassing validation mechanisms. When such documents are exported using the saveHtml() method, they retain the original charset. This affects any applications that request documents via HTTP using the DOM or SimpleXML extensions (PHP Advisory).

The vulnerability has been fixed in PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5. Users are advised to upgrade to these patched versions to mitigate the risk. Various Linux distributions have also released security updates to address this vulnerability, including Ubuntu and Debian (Ubuntu Notice, Debian Tracker).