CNNVD-202511-1316 Information
CNNVD ID
CNNVD-202511-1316
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
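Symfony is a PHP framework for web and console applications and a set of reusable PHP components from the Symfony company. Symfony versions before 5.4.50, before 6.4.29 and before 7.3.7 contain a security vulnerability that stems from improper parsing of PATH_INFO and may allow access control rules to be bypassed.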
Description (English)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions before 5.4.50, 6.4.29 and 7.3.7 contain a security vulnerability that stems from improper parsing of PATH_INFO, which may allow access control rules to be bypassed.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Symfony
Published
2025-11-12
Last Modified
2026-02-24
References
https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/
https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
https://vigilance.fr/vulnerability/Symfony-information-disclosure-via-PATH-INFO-48740
Patch
https://github.com/symfony/symfony/releases