CVE-2025-22145 | CarbonPHP carbon up to 2.72.5/3.8.3 Carbon::setLocale filename control

Posted by Angelo Barbosa | Jan 8, 2025 | CVE

A vulnerability, which was classified as critical, has been found in CarbonPHP carbon up to 2.72.5/3.8.3. Affected by this issue is the function Carbon::setLocale. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2025-22145. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-22145 | CarbonPHP carbon up to 2.72.5/3.8.3 Carbon::setLocale filename control

Related Posts

CVE-2023-46281 | Siemens Opcenter Quality unknown vulnerability (ssa-999588)

CVE-2024-8622 | amCharts Plugin up to 1.4.4 on WordPress cross-site request forgery

CVE-2024-25657 | AVSystem Unified Management Platform 23.07.0.16567~LTS Login/Logout redirect

CVE-2024-35109 | idcCMS 1.35 homePro_deal.php cross-site request forgery