CVE-2025-7381 Information

Description

ImpactThis is an information disclosure vulnerability originating from PHP’s base image. This vulnerability exposes the PHP version through an X-Powered-By header which attackers could exploit to fingerprint the server and identify potential weaknesses.

WorkaroundsThe mitigation requires changing the expose_php variable from \On\ to \Off\ in the file located at /usr/local/etc/php/php.ini.

Reference

https://github.com/mautic/docker-mautic/security/advisories/GHSA-89jm-p7jf-x8jx

Related CNNVD

CNNVD-202507-1347 (Published: 2025-07-09)