VULNERABILITY

Amazon Linux 2023: CVE-2025-1861: Medium priority package update for php8.1 (Multiple Advisories)

Try Surface Command Get a continuous 360° view of your attack surface

Back to Search

Amazon Linux 2023: CVE-2025-1861: Medium priority package update for php8.1 (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

03/30/2025

Created

04/04/2025

Added

04/03/2025

Modified

04/03/2025

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size.

Solution(s)

amazon-linux-2023-upgrade-php8-1
amazon-linux-2023-upgrade-php8-1-bcmath
amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo
amazon-linux-2023-upgrade-php8-1-cli
amazon-linux-2023-upgrade-php8-1-cli-debuginfo
amazon-linux-2023-upgrade-php8-1-common
amazon-linux-2023-upgrade-php8-1-common-debuginfo
amazon-linux-2023-upgrade-php8-1-dba
amazon-linux-2023-upgrade-php8-1-dba-debuginfo
amazon-linux-2023-upgrade-php8-1-dbg
amazon-linux-2023-upgrade-php8-1-dbg-debuginfo
amazon-linux-2023-upgrade-php8-1-debuginfo
amazon-linux-2023-upgrade-php8-1-debugsource
amazon-linux-2023-upgrade-php8-1-devel
amazon-linux-2023-upgrade-php8-1-embedded
amazon-linux-2023-upgrade-php8-1-embedded-debuginfo
amazon-linux-2023-upgrade-php8-1-enchant
amazon-linux-2023-upgrade-php8-1-enchant-debuginfo
amazon-linux-2023-upgrade-php8-1-ffi
amazon-linux-2023-upgrade-php8-1-ffi-debuginfo
amazon-linux-2023-upgrade-php8-1-fpm
amazon-linux-2023-upgrade-php8-1-fpm-debuginfo
amazon-linux-2023-upgrade-php8-1-gd
amazon-linux-2023-upgrade-php8-1-gd-debuginfo
amazon-linux-2023-upgrade-php8-1-gmp
amazon-linux-2023-upgrade-php8-1-gmp-debuginfo
amazon-linux-2023-upgrade-php8-1-intl
amazon-linux-2023-upgrade-php8-1-intl-debuginfo
amazon-linux-2023-upgrade-php8-1-ldap
amazon-linux-2023-upgrade-php8-1-ldap-debuginfo
amazon-linux-2023-upgrade-php8-1-mbstring
amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo
amazon-linux-2023-upgrade-php8-1-mysqlnd
amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo
amazon-linux-2023-upgrade-php8-1-odbc
amazon-linux-2023-upgrade-php8-1-odbc-debuginfo
amazon-linux-2023-upgrade-php8-1-opcache
amazon-linux-2023-upgrade-php8-1-opcache-debuginfo
amazon-linux-2023-upgrade-php8-1-pdo
amazon-linux-2023-upgrade-php8-1-pdo-debuginfo
amazon-linux-2023-upgrade-php8-1-pgsql
amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo
amazon-linux-2023-upgrade-php8-1-process
amazon-linux-2023-upgrade-php8-1-process-debuginfo
amazon-linux-2023-upgrade-php8-1-pspell
amazon-linux-2023-upgrade-php8-1-pspell-debuginfo
amazon-linux-2023-upgrade-php8-1-snmp
amazon-linux-2023-upgrade-php8-1-snmp-debuginfo
amazon-linux-2023-upgrade-php8-1-soap
amazon-linux-2023-upgrade-php8-1-soap-debuginfo
amazon-linux-2023-upgrade-php8-1-tidy
amazon-linux-2023-upgrade-php8-1-tidy-debuginfo
amazon-linux-2023-upgrade-php8-1-xml
amazon-linux-2023-upgrade-php8-1-xml-debuginfo
amazon-linux-2023-upgrade-php8-1-zip
amazon-linux-2023-upgrade-php8-1-zip-debuginfo
amazon-linux-2023-upgrade-php8-3
amazon-linux-2023-upgrade-php8-3-bcmath
amazon-linux-2023-upgrade-php8-3-bcmath-debuginfo
amazon-linux-2023-upgrade-php8-3-cli
amazon-linux-2023-upgrade-php8-3-cli-debuginfo
amazon-linux-2023-upgrade-php8-3-common
amazon-linux-2023-upgrade-php8-3-common-debuginfo
amazon-linux-2023-upgrade-php8-3-dba
amazon-linux-2023-upgrade-php8-3-dba-debuginfo
amazon-linux-2023-upgrade-php8-3-dbg
amazon-linux-2023-upgrade-php8-3-dbg-debuginfo
amazon-linux-2023-upgrade-php8-3-debuginfo
amazon-linux-2023-upgrade-php8-3-debugsource
amazon-linux-2023-upgrade-php8-3-devel
amazon-linux-2023-upgrade-php8-3-embedded
amazon-linux-2023-upgrade-php8-3-embedded-debuginfo
amazon-linux-2023-upgrade-php8-3-enchant
amazon-linux-2023-upgrade-php8-3-enchant-debuginfo
amazon-linux-2023-upgrade-php8-3-ffi
amazon-linux-2023-upgrade-php8-3-ffi-debuginfo
amazon-linux-2023-upgrade-php8-3-fpm
amazon-linux-2023-upgrade-php8-3-fpm-debuginfo
amazon-linux-2023-upgrade-php8-3-gd
amazon-linux-2023-upgrade-php8-3-gd-debuginfo
amazon-linux-2023-upgrade-php8-3-gmp
amazon-linux-2023-upgrade-php8-3-gmp-debuginfo
amazon-linux-2023-upgrade-php8-3-intl
amazon-linux-2023-upgrade-php8-3-intl-debuginfo
amazon-linux-2023-upgrade-php8-3-ldap
amazon-linux-2023-upgrade-php8-3-ldap-debuginfo
amazon-linux-2023-upgrade-php8-3-mbstring
amazon-linux-2023-upgrade-php8-3-mbstring-debuginfo
amazon-linux-2023-upgrade-php8-3-modphp
amazon-linux-2023-upgrade-php8-3-modphp-debuginfo
amazon-linux-2023-upgrade-php8-3-mysqlnd
amazon-linux-2023-upgrade-php8-3-mysqlnd-debuginfo
amazon-linux-2023-upgrade-php8-3-odbc
amazon-linux-2023-upgrade-php8-3-odbc-debuginfo
amazon-linux-2023-upgrade-php8-3-opcache
amazon-linux-2023-upgrade-php8-3-opcache-debuginfo
amazon-linux-2023-upgrade-php8-3-pdo
amazon-linux-2023-upgrade-php8-3-pdo-debuginfo
amazon-linux-2023-upgrade-php8-3-pgsql
amazon-linux-2023-upgrade-php8-3-pgsql-debuginfo
amazon-linux-2023-upgrade-php8-3-process
amazon-linux-2023-upgrade-php8-3-process-debuginfo
amazon-linux-2023-upgrade-php8-3-pspell
amazon-linux-2023-upgrade-php8-3-pspell-debuginfo
amazon-linux-2023-upgrade-php8-3-snmp
amazon-linux-2023-upgrade-php8-3-snmp-debuginfo
amazon-linux-2023-upgrade-php8-3-soap
amazon-linux-2023-upgrade-php8-3-soap-debuginfo
amazon-linux-2023-upgrade-php8-3-sodium
amazon-linux-2023-upgrade-php8-3-sodium-debuginfo
amazon-linux-2023-upgrade-php8-3-tidy
amazon-linux-2023-upgrade-php8-3-tidy-debuginfo
amazon-linux-2023-upgrade-php8-3-xml
amazon-linux-2023-upgrade-php8-3-xml-debuginfo
amazon-linux-2023-upgrade-php8-3-zip
amazon-linux-2023-upgrade-php8-3-zip-debuginfo

References

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

VULNERABILITY

Amazon Linux 2023: CVE-2025-1861: Medium priority package update for php8.1 (Multiple Advisories)

Amazon Linux 2023: CVE-2025-1861: Medium priority package update for php8.1 (Multiple Advisories)

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.

CUSTOMER SUPPORT

SALES SUPPORT

Need immediate help with a breach?

CUSTOMER SUPPORT

SALES SUPPORT

Need immediate help with a breach?