{"id":"CVE-2025-1219","summary":"libxml streams use wrong content-type header when requesting a redirected resource","details":"In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.","aliases":["BIT-libphp-2025-1219","BIT-php-2025-1219","BIT-php-min-2025-1219","GHSA-p3x9-6h7p-cgfc"],"modified":"2026-05-15T04:12:59.431061227Z","published":"2025-03-30T05:33:13.801Z","related":["ALSA-2025:15687","ALSA-2025:4263","ALSA-2025:7418","ALSA-2025:7431","ALSA-2025:7432","ALSA-2025:7489","ALSA-2026:2470","SUSE-SU-2025:0994-1","SUSE-SU-2025:1012-1","SUSE-SU-2025:1025-1","SUSE-SU-2025:1026-1","openSUSE-SU-2025:14895-1"],"database_specific":{"cna_assigner":"php","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1219.json"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1219.json"},{"type":"ADVISORY","url":"https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1219"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250523-0007/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}]}