CVE-2024-8925

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8925

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8925.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8925

Aliases

Downstream

BELL-CVE-2024-8925

DEBIAN-CVE-2024-8925

DLA-3920-1

DSA-5780-1

OESA-2024-2248

RHSA-2024:10949

RHSA-2024:10950

RHSA-2024:10951

RHSA-2024:10952

RHSA-2025:7315

RLSA-2024:10949

RLSA-2024:10950

SUSE-SU-2024:3664-1

SUSE-SU-2024:3729-1

SUSE-SU-2024:3732-1

SUSE-SU-2024:3733-1

UBUNTU-CVE-2024-8925

USN-7049-1

USN-7049-2

USN-7049-3

openSUSE-SU-2024:14376-1

Related

Published

2024-10-08T04:15:09Z

Modified

2025-10-15T04:34:31Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

References

https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115

Fixed

773c0eda4ac8181c59a6510a39c37710679277a4