Description

CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.

INFO

Published Date :

2025-01-20T15:57:37.975Z

Last Modified :

2025-01-21T14:51:01.754Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24013 vulnerability.

Vendors Products
Codeigniter
  • Codeigniter
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24013.

URL Resource
https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 cve-icon cve-icon
https://github.com/advisories/GHSA-wxmh-65f7-jcvw cve-icon cve-icon
https://github.com/codeigniter4/CodeIgniter4/commit/5f8aa24280fb09947897d6b322bf1f0e038b13b6 cve-icon cve-icon
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-x5mq-jjr3-vmx6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact