DEBIAN-CVE-2025-27515

Details

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

Affected Packages

php-laravel-framework

Debian 11

Affected versions:

10.48.25+dfsg-110.48.25+dfsg-210.48.29+dfsg-111.44.0-111.44.2+dfsg-111.46.1+dfsg-111.46.1+dfsg-211.46.1+dfsg-311.46.1+dfsg-46.20.14+dfsg-2+5 more

php-laravel-framework

Debian 12

Affected versions:

10.48.25+dfsg-110.48.25+dfsg-210.48.29+dfsg-111.44.0-111.44.2+dfsg-111.46.1+dfsg-111.46.1+dfsg-211.46.1+dfsg-311.46.1+dfsg-48.83.26+dfsg-2

php-laravel-framework

Debian 13Debian 14

Fixed in:

10.48.29+dfsg-1

References

ADVISORY

https://security-tracker.debian.org/tracker/CVE-2025-27515