CVE-2025-7381

Summary

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses.

WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

Affected Software

VendorProductVersion RangeStatus
mauticDocker Mautic<= 6.0.3-20250707-apacheaffected
mauticDocker Mautic<= 6.0.3-20250707-fpmaffected
mauticDocker Mautic<= 5.2.7-20250707-apacheaffected
mauticDocker Mautic<= 5.2.7-20250707-fpmaffected

Weaknesses

  • CWE-497: CWE-497

Workarounds

The mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References