{"id":"CVE-2025-1220","details":"In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.","aliases":["BIT-libphp-2025-1220","BIT-php-2025-1220","BIT-php-min-2025-1220"],"modified":"2026-03-13T07:59:10.133319Z","published":"2025-07-13T23:15:22.773Z","related":["ALSA-2025:23309","ALSA-2026:1409","ALSA-2026:1412","ALSA-2026:2470","GHSA-3cr5-j632-f35r","MGASA-2025-0203","SUSE-SU-2025:02462-1","SUSE-SU-2025:02463-1","SUSE-SU-2025:02473-1","SUSE-SU-2025:02474-1","openSUSE-SU-2025:15340-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/07/11/4"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"},{"type":"EVIDENCE","url":"https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"1996831969293a866863f7148f5416e99ea123cb"},{"introduced":"70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2"},{"fixed":"a6855fae73d7a969788e7ec916ae6c4cda2fc7e3"},{"introduced":"d26068059e83fe40de3430a512471d194119bee0"},{"fixed":"ad881e753961115ceaf340bc47e7151fd9be1b45"},{"introduced":"b437f2b32eb364c9496d24abcc734272e5c9c980"},{"fixed":"5b61b6dd838cd5fc70f1f1325dfdfd8730d966fb"}],"database_specific":{"versions":[{"introduced":"8.1.0"},{"fixed":"8.1.33"},{"introduced":"8.2.0"},{"fixed":"8.2.29"},{"introduced":"8.3.0"},{"fixed":"8.3.23"},{"introduced":"8.4.0"},{"fixed":"8.4.10"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1220.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}