Search for vulnerabilities
Vulnerability details: VCID-m81q-5z8a-4khm
Vulnerability ID VCID-m81q-5z8a-4khm
Aliases CVE-2015-8125
GHSA-g97c-jfx6-xvxh
Summary Symfony Vulnerable to Timing Attack Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) `Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices` or (2) `Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener` class in the Symfony Security Component, or (3) legacy CSRF implementation from the `Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider` class in the Symfony Form component.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76042
EPSS Score 0.01008
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:27:22.464989+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g97c-jfx6-xvxh/GHSA-g97c-jfx6-xvxh.json 36.1.3