CVE-2025-1220 | PHP up to 8.1.32/8.2.28/8.3.22/8.4.9 Null Character fsockopen Hostname server-side request forgery (GHSA-3cr5-j632-f35r)

A vulnerability, which was classified as critical, was found in PHP up to 8.1.32/8.2.28/8.3.22/8.4.9. This affects the function fsockopen of the component Null Character Handler. The manipulation of the argument Hostname leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-1220. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More