CVE-2025-1219

MEDIUM

PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-1219. PoCs published by BreadSquad.

AI-analyzed exploit summary This repository contains a bash script that scans for CVE-2025-1219 by testing various payloads against a target URL. It checks for WAF/firewall presence and tests payloads from a file to identify potential vulnerabilities.

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

Exploits (1)

nomisec SCANNER 2 stars
by BreadSquad · poc
https://github.com/BreadSquad/ediop3PHP

This repository contains a bash script that scans for CVE-2025-1219 by testing various payloads against a target URL. It checks for WAF/firewall presence and tests payloads from a file to identify potential vulnerabilities.

Classification
Scanner 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: unknown (CVE-2025-1219)
No auth needed
Prerequisites: target URL · payload file (payloads1219.txt)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 5.3
EPSS 0.0071
EPSS Percentile 48.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-1116
Status published
Products (1)
php/php 8.1.0 - 8.1.32
Published Mar 30, 2025
Tracked Since Feb 18, 2026