← Back

CVE-2025-24013

nvd nist
Published: Jan 20, 2025Modified: Aug 1, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: security-advisories@github.com (Secondary)

Description

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.

Affected (1)

Codeigniter
1 product
Codeigniter
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Codeigniter
Before 4.5.8

Related CWEs

CWE-436
Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

References (4)

Source: security-advisories@github.com
Technical Description
Source: security-advisories@github.com
Not Applicable
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.