Home

Description

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

PUBLISHED Reserved 2025-07-09 | Published 2025-07-09 | Updated 2025-07-10 | Assigner Mautic




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-497

Product status

Default status
unaffected

<= 6.0.3-20250707-apache (custom)
affected

<= 6.0.3-20250707-fpm (custom)
affected

<= 5.2.7-20250707-apache (custom)
affected

<= 5.2.7-20250707-fpm (custom)
affected

Credits

cibero42 finder

cibero42 remediation developer

cibero42 reporter

References

github.com/...mautic/security/advisories/GHSA-89jm-p7jf-x8jx

cve.org (CVE-2025-7381)

nvd.nist.gov (CVE-2025-7381)

Download JSON