Threat Advisory: CVE-2025-43717
In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, refle...
Overview
The vulnerability identified as CVE-2025-43717 is a medium-severity issue in PEAR HTTP_Request2 versions before 2.7.0. Several files in the library's tests directory reflect GET or POST parameters back into their HTTP response, which allows reflected Cross-Site Scripting (XSS) against anyone who can be made to request those files.
Technical Details
This vulnerability affects PEAR HTTP_Request2 versions before 2.7.0. The affected files include tests/_network/getparameters.php and tests/_network/postparameters.php, which echo any GET or POST parameter back into the response body without output encoding. The flaw is categorized as CWE-531 (Inclusion of Sensitive Information in Test Code) and enables reflected Cross-Site Scripting (XSS): a crafted parameter value is interpreted as markup by the browser of the user who loads the page, so script supplied by an attacker runs in that user's session on the hosting site. The precondition is that the library's tests directory has been deployed somewhere it can be reached over HTTP.
CVSS Metrics
The CVSS (Common Vulnerability Scoring System) metrics for this vulnerability are as follows:
- Base Score: 5.4 (MEDIUM)
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope: CHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: NONE
- Exploitability Score: 2.2
- Impact Score: 2.7
Impact
If exploited, this vulnerability could lead to a breach of data confidentiality and integrity. Although both impacts are rated low, a successful attack can still disclose information from, and modify data in, the affected user's browser session. Because the CVSS scope is Changed, the effect is not confined to the vulnerable test file itself: the injected script executes in the context of the site that serves it.
Recommendations
To mitigate this vulnerability, users are urged to update PEAR HTTP_Request2 to version 2.7.0 or later. In addition, any value that is reflected into an HTML response should be output-encoded for its context, all input parameters should be validated, and a Content Security Policy should be deployed that only allows scripts from trusted sources. Library test directories should also be kept out of any web-served document root. Regularly updating and patching software helps prevent such vulnerabilities in the future.
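The following PHP is an added illustration of the pattern behind this advisory and its remediation; it is not code from the HTTP_Request2 project or from the advisory. It places a parameter-reflecting helper of the kind found in a test file next to a hardened version that encodes output for an HTML body context, adds a restrictive Content-Security-Policy header as defence in depth, and includes a version check against the fixed release named above. The function names, the sample input and the CSP value are assumptions made here.

```php
<?php
// Added example, not HTTP_Request2 project code. Function names,
// sample input and the CSP value below are assumptions.

/**
 * Pattern to avoid (shown for comparison): request parameters are
 * interpolated verbatim into HTML, so a value containing markup or
 * script is rendered as markup by the browser (reflected XSS).
 */
function render_params_unsafe(array $params): string
{
    $out = '';
    foreach ($params as $name => $value) {
        $out .= "<p>{$name} = {$value}</p>\n";
    }
    return $out;
}

/**
 * Hardened form: both the parameter name and its value are HTML-encoded
 * for the body context, so the browser treats them as text only.
 */
function render_params_safe(array $params): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $out = '';
    foreach ($params as $name => $value) {
        $out .= sprintf(
            "<p>%s = %s</p>\n",
            htmlspecialchars((string) $name, $flags, 'UTF-8'),
            htmlspecialchars((string) $value, $flags, 'UTF-8')
        );
    }
    return $out;
}

/**
 * Defence in depth: a CSP that disallows inline script, so a reflected
 * value that slips through encoding still cannot execute. Must be sent
 * before any response body is written.
 */
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'none'");
}

/**
 * Version check against the fixed release given in the advisory (2.7.0).
 * Returns true when the installed version is still affected.
 */
function is_affected_version(string $installed): bool
{
    return version_compare($installed, '2.7.0', '<');
}

// Constructed sample input standing in for $_GET / $_POST.
$sample = ['q' => '<b>not bold</b>', 'name' => 'Ada "Lovelace"'];

send_csp_header();
echo "<!doctype html>\n<html><body>\n";
echo render_params_safe($sample);   // markup in $sample is shown literally
echo "</body></html>\n";

// Audit helper usage: true for 2.6.1, false for 2.7.0 and later.
var_dump(is_affected_version('2.6.1'));
var_dump(is_affected_version('2.7.0'));
```

Running this from the command line prints the encoded paragraphs (the `<b>` tags appear as `&lt;b&gt;` in the output, the quotes as `&quot;`) followed by `bool(true)` and `bool(false)`; `header()` is a no-op outside a web SAPI. The encoding flags matter: `ENT_QUOTES` covers attribute contexts as well as the body, and `ENT_SUBSTITUTE` replaces invalid UTF-8 sequences instead of returning an empty string, which would otherwise silently drop the output.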
Threat Metrics
- cvss_score: 5.4
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: HIGH
Related CWEs
- CWE-531: Inclusion of Sensitive Information in Test Code