CVE-2025-22145 | CarbonPHP carbon up to 2.72.5/3.8.3 Carbon::setLocale filename control

Inserito da Angelo Barbosa | Gen 8, 2025 | CVE

A vulnerability, which was classified as critical, has been found in CarbonPHP carbon up to 2.72.5/3.8.3. Affected by this issue is the function Carbon::setLocale. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2025-22145. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-22145 | CarbonPHP carbon up to 2.72.5/3.8.3 Carbon::setLocale filename control

Post correlati

CVE-2024-39277 | Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.9.3 topology.h cpumask_of_node array index

CVE-2024-54982 | Quectel BC25 BC25PAR01A06 NAS Message improper authentication

CVE-2024-1104 | Areal Topkapi Webserv2 6.2.4776 excessive authentication

CVE-2024-3097 | Gallery Plugin up to 3.59 on WordPress authorization