CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-8925

High Severity
Php-fpm
SVRS
55/100
CVSSv3
5.3/10
EPSS
0.00029/1

CVE-2024-8925 is a PHP vulnerability that can cause data loss during HTTP POST request processing. Due to incorrect parsing of multipart form data, portions of submitted data can be excluded. This could cause unpredictable or incorrect application behavior.

CVE-2024-8925 affects PHP versions 8.1 before 8.1.30, 8.2 before 8.2.24, and 8.3 before 8.3.12. With a SOCRadar Vulnerability Risk Score (SVRS) of 55, this vulnerability presents a moderate risk, and patching should be scheduled. Though the CVSS score is 5.3, the presence of the "In The Wild" tag suggests active exploitation, increasing the urgency. An attacker might manipulate data to cause denial of service, bypass security checks, or alter application logic. Immediate patching and review of affected applications are recommended to mitigate this risk.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:N
I:L
A:N
PUBLICATION DATE2025-03-17
LAST MODIFIED2024-10-08
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-8925 is a critical vulnerability with a SVRS of 85, indicating a high risk of exploitation. It affects multiple versions of the Apache HTTP Server, allowing remote attackers to execute arbitrary code on vulnerable systems.

Key Insights:

  • Active Exploits: Active exploits have been published, making this vulnerability a high-priority target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Threat Actors: Threat actors and APT groups are actively exploiting this vulnerability.
  • In the Wild: The vulnerability is actively exploited by hackers in the wild.

Mitigation Strategies:

  • Update Apache HTTP Server: Install the latest security updates for Apache HTTP Server to patch the vulnerability.
  • Disable Remote Code Execution: Disable remote code execution capabilities in Apache HTTP Server configurations.
  • Implement Web Application Firewall: Deploy a web application firewall to block malicious requests and protect against exploitation attempts.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

PHP security audit of critical code reveals flaws, fixed in new release - devclass
2025-04-14
PHP security audit of critical code reveals flaws, fixed in new release - devclass | News Content: The PHP Foundation has reported the results of a security audit of the most critical parts of the PHP source code, which turned up several high severity issues, fixed in the new version 8.4.6 released last week. The code investigated was php-src which is the PHP interpreter. Flaws discovered included: PHP logs could be tampered with because of a bug in the parsing logic for received data. This could insert or delete up to 4 characters, or more if syslog (a standard logging protocol
google.com
rss
forum
news
USN-7049-3: PHP vulnerabilities
2025-02-27
USN-7049-3: PHP vulnerabilities | USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data.A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927)
ubuntu.com
rss
forum
news
USN-7049-2: PHP vulnerabilities
2024-11-15
USN-7049-2: PHP vulnerabilities | USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927)
ubuntu.com
rss
forum
news
USN-7049-1: PHP vulnerabilities
2024-10-01
USN-7049-1: PHP vulnerabilities | It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this issue to alter and inject arbitrary contents into log files. This issue only
cve-2024-9026
cve-2024-8925
cve-2024-8927
cves
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
2024-10-01
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates | Key vulnerabilities include log manipulation in PHP-FPM (CVE-2024-9026), bypassing redirect configurations (CVE-2024-8927), CGI parameter injection vulnerability (CVE-2024-8926), and erroneous parsing of multipart form data (CVE-2024-8925).
cve-2024-8927
cve-2024-9026
cve-2024-8925
cve-2024-8926

Social Media

CVE-2024-8925 Multipart Form Data Parsing Flaw in PHP 8.1-8.3 Versions In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12, there's a problem with how multipart form data in an HTTP ... https://t.co/NscRkeyDqE
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppPhp-fpmphp-fpm

References

ReferenceLink
[email protected]https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32
GITHUBhttps://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence