-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

cPanel, L.L.C. has updated packages for EasyApache 4 with a updated versions of PHP 8.1, 8.2, 8.3, and 8.4. This release addresses vulnerabilities related to CVE-2025-1736, CVE-2025-1861, CVE-2025-1734, CVE-2025-1217, CVE-2025-1219, and CVE-2024-11235. We strongly encourage all PHP 8.1 users to update to version 8.1.32, all PHP 8.2 users to update to version 8.2.28, all PHP 8.3 users to update to version 8.3.19, and all PHP 8.4 users to update to version 8.4.5.

 
AFFECTED VERSIONS
All versions of PHP 8.1 through 8.1.31.
All versions of PHP 8.2 through 8.2.27.
All versions of PHP 8.3 through 8.3.17.
All versions of PHP 8.4 through 8.4.4.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-1736 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2025-1736.

PHP 8.2.28
Fixed vulnerability related to CVE-2025-1736.

PHP 8.3.19
Fixed vulnerability related to CVE-2025-1736.

PHP 8.4.5
Fixed vulnerability related to CVE-2025-1736.


CVE-2025-1861 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2025-1861.

PHP 8.2.28
Fixed vulnerability related to CVE-2025-1861.

PHP 8.3.19
Fixed vulnerability related to CVE-2025-1861.

PHP 8.4.5
Fixed vulnerability related to CVE-2025-1861.


CVE-2025-1734 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2025-1734.

PHP 8.2.28
Fixed vulnerability related to CVE-2025-1734.

PHP 8.3.19
Fixed vulnerability related to CVE-2025-1734.

PHP 8.4.5
Fixed vulnerability related to CVE-2025-1734.


CVE-2025-1217 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2025-1217.

PHP 8.2.28
Fixed vulnerability related to CVE-2025-1217.

PHP 8.3.19
Fixed vulnerability related to CVE-2025-1217.

PHP 8.4.5
Fixed vulnerability related to CVE-2025-1217.


CVE-2025-1219 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2025-1219.

PHP 8.2.28
Fixed vulnerability related to CVE-2025-1219.

PHP 8.3.19
Fixed vulnerability related to CVE-2025-1219.

PHP 8.4.5
Fixed vulnerability related to CVE-2025-1219.


CVE-2024-11235 - MEDIUM
PHP 8.1.32
Fixed vulnerability related to CVE-2024-11235.

PHP 8.2.28
Fixed vulnerability related to CVE-2024-11235.

PHP 8.3.19
Fixed vulnerability related to CVE-2024-11235.

PHP 8.4.5
Fixed vulnerability related to CVE-2024-11235.


SOLUTION
cPanel, L.L.C. has released updated packages for EasyApache 4 25.10 on 2025 March 19, with PHP versions 8.1.32, 8.2.28, 8.3.19, and 8.4.5. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-1736
https://www.cve.org/CVERecord?id=CVE-2025-1861
https://www.cve.org/CVERecord?id=CVE-2025-1734
https://www.cve.org/CVERecord?id=CVE-2025-1217
https://www.cve.org/CVERecord?id=CVE-2025-1219
https://www.cve.org/CVERecord?id=CVE-2024-11235
https://www.php.net/ChangeLog-8.php#8.2.28
https://www.php.net/ChangeLog-8.php#8.1.32
https://www.php.net/ChangeLog-8.php#8.4.5
https://www.php.net/ChangeLog-8.php#8.3.19
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmfbNeQACgkQlSG+3KvZ
Td/gBA/8C+ywpg04Eo0c0PFdIgNf+S7/7SxsD+d2yHB3+TKUnj11EJLmcnGoTrkY
T3yQsv0EjWcuN2y7kdWtFf+8U4q4QzeqadVRWH3a37fbODr3kPZKDbV6bso73E6t
38ZDGNgGlo23ffAUAW0AJoQ3QxczdrycXkpwhl2wWdoe5ZHli3F+CTteBke+foiW
cP5c2xGteTK95enkyDwRynQI/ELRqWSXQkJHIY9hJ3S/ixkNkYoeJEDtgGxWQpm3
jn+8is0gqtbxGug0AebiCeg/sh3oz1bFsWrRx8iXnkbi3P14X+IxjERcZgL/H0W/
smfLQ7nux4TyZtPUUyxwceiCWgAnTFuodAqHcSBPdabWNDnVFzCT7BNn+44tzR4s
d5chTxT6DSXTJxt59Db4Q8Bh+QB46AndhINxLA0J8hcmFTIQ/La1d+YDZJjIAFUx
mdppJmcdsDS53tyFytPXoB6dYUIYg/o/V8xjJA5xn/B16fYLQqTqUPrKLff5+mFA
b4kIgihHJ1wsX3bqTeTkzGWoqY4/5ptu7qQVFyit3ag0Y4UUkR66mThXKTwAbSB3
zhYv6or6STXTL+8GjUO7UJhu8iv1ysaPVCD1yjLqJtSGN5p1Rp/BFQNwSwqBC9WE
t5ho51UJ5eKCnXj7lCRsQTkKsez/SBTpFsNS064FZ7caHcM/hCM=
=aLDP
-----END PGP SIGNATURE-----