CVE-2025-7381
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-07-10
Assigner: Mautic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| php | php | * |
| mautic | mautic | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue in PHP's base image that exposes the PHP version via the X-Powered-By header. Attackers can use this information to fingerprint the server and identify potential weaknesses.
How can this vulnerability impact me? :
The vulnerability can allow attackers to gain information about the PHP version running on your server, which can be used to identify and exploit known vulnerabilities specific to that version, potentially leading to targeted attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the PHP version is exposed in the HTTP response headers, specifically the X-Powered-By header. You can use commands like: curl -I http://yourserver.com | grep X-Powered-By or use tools like nmap with http-headers script to inspect the headers for PHP version disclosure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately change the expose_php variable from "On" to "Off" in the /usr/local/etc/php/php.ini file. This will prevent the PHP version from being disclosed in the X-Powered-By header.