Vulnerability affecting PHP on Windows


12:00pm, 15 January 2025

TLP Rating: Clear

CVE-2024-4577 is a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows. It is an argument injection bug: the Windows "Best-Fit" character mapping can convert certain characters in a request (for example the soft hyphen, %AD) into an ASCII hyphen, which lets an attacker pass command-line options to php-cgi through the query string and bypasses the protection added for the earlier CVE-2012-1823. Successful exploitation requires no authentication, needs only a single HTTP request to an exposed php-cgi endpoint, and can lead to complete system compromise.

The NCSC is aware of active exploitation of this vulnerability. 

An upgrade to the versions listed on the vendor website is recommended.

What's happening

Systems affected

PHP on Windows running in CGI mode (php-cgi.exe), in all releases prior to:
•    8.1.29,
•    8.2.20, and
•    8.3.8.
Older branches (PHP 8.0, 7.x and earlier) are end of life, are also affected, and will not receive a fix.

What this means

Any PHP installation on Windows older than the versions listed above contains the flaw. It is exploitable wherever php-cgi.exe is reachable through the web server, either because PHP is configured to run in CGI mode or because the PHP directory is published as a CGI path (the default XAMPP for Windows configuration does this). Exploitation is most straightforward on systems using the Traditional Chinese, Simplified Chinese or Japanese system locales, where the character conversion behaviour is well understood, but other locales should also be treated as vulnerable. Injected code runs with the privileges of the web server process.

What to look for

How to tell if you're at risk

You are at risk if php-cgi.exe from one of the affected versions is present on a Windows host and reachable through a web server. Deployments that run PHP through mod_php, FastCGI or PHP-FPM do not pass the query string to php-cgi's command line and are not reachable through this vector, but the binary should still be updated.
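The following is an added example, not code from the NCSC advisory or from the PHP project, showing one way to check a Windows host for the conditions above. It lists every php-cgi.exe found under a set of assumed search roots with its version and whether that branch is fixed, and inspects Apache/XAMPP configuration (assumed default XAMPP paths) for a ScriptAlias that publishes the PHP directory and for the vendor's interim mod_rewrite mitigation, a rule rejecting query strings that begin with %ad. The search roots, configuration paths and the ScriptAlias heuristic are assumptions to adjust for your environment.

```powershell
# Added example; not code from the NCSC advisory or from the PHP project.
# Locates php-cgi.exe binaries on a Windows host, compares their version with the
# fixed releases named in the advisory, and checks Apache/XAMPP configuration for an
# exposed php-cgi path and for the vendor's interim mod_rewrite mitigation.
# $SearchRoots and the configuration paths are assumptions; adjust for your environment.

$FixedVersions = @{
    '8.1' = [version]'8.1.29'
    '8.2' = [version]'8.2.20'
    '8.3' = [version]'8.3.8'
}
# Assumed locations; XAMPP and manual installs commonly live here.
$SearchRoots = @('C:\xampp', 'C:\php', 'C:\inetpub', 'C:\Program Files', 'C:\Program Files (x86)')

function Get-PhpCgiStatus {
    param([string[]]$Roots = $SearchRoots)
    foreach ($root in $Roots | Where-Object { Test-Path $_ }) {
        Get-ChildItem -Path $root -Filter 'php-cgi.exe' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # "php-cgi.exe -v" prints a banner such as "PHP 8.2.12 (cgi-fcgi) (built: ...)".
            $banner = (& $_.FullName -v 2>$null | Select-Object -First 1)
            if ($banner -match 'PHP (\d+\.\d+\.\d+)') {
                $ver    = [version]$Matches[1]
                $branch = '{0}.{1}' -f $ver.Major, $ver.Minor
                if (-not $FixedVersions.ContainsKey($branch)) {
                    # 8.0 and older are end of life: affected, but no fixed release exists.
                    $status = 'VULNERABLE (end-of-life branch, no fix; migrate)'
                } elseif ($ver -lt $FixedVersions[$branch]) {
                    $status = 'VULNERABLE (upgrade to {0})' -f $FixedVersions[$branch]
                } else {
                    $status = 'fixed'
                }
                [pscustomobject]@{ Path = $_.FullName; Version = $ver; Status = $status }
            }
        }
    }
}

function Get-ApacheExposure {
    # Assumed default XAMPP paths; pass your own httpd.conf and included files if different.
    param([string[]]$ConfigFiles = @(
        'C:\xampp\apache\conf\httpd.conf',
        'C:\xampp\apache\conf\extra\httpd-xampp.conf'))
    foreach ($file in $ConfigFiles | Where-Object { Test-Path $_ }) {
        $text = Get-Content -Path $file -Raw
        # An uncommented ScriptAlias onto a directory containing "php" publishes php-cgi.exe
        # over HTTP (XAMPP ships 'ScriptAlias /php-cgi/ "C:/xampp/php/"'). Heuristic only.
        $exposed   = [bool]($text -match '(?im)^[ \t]*ScriptAlias[ \t]+\S+[ \t]+"?[^"\r\n]*php')
        # Vendor interim mitigation: reject requests whose query string starts with %ad.
        $mitigated = [bool]($text -match '(?im)^[ \t]*RewriteCond[ \t]+%\{QUERY_STRING\}[ \t]+\^%ad')
        [pscustomobject]@{ File = $file; ExposesPhpCgi = $exposed; HasRewriteMitigation = $mitigated }
    }
}

# Usage: run in an elevated PowerShell session on the host being assessed.
Get-PhpCgiStatus   | Format-Table -AutoSize
Get-ApacheExposure | Format-Table -AutoSize
```

A host is exposed when a php-cgi.exe reports VULNERABLE and a configuration file reports ExposesPhpCgi as True without HasRewriteMitigation; treat the mitigation check as a stop-gap indicator only, since the rewrite rule blocks the known exploit pattern rather than the underlying flaw.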

What to do

Prevention

Fixes for affected versions are available from the vendor. Organisations are encouraged to update to the following versions or later:
•    8.1.29,
•    8.2.20, and
•    8.3.8.
Installations on end-of-life branches (8.0 and earlier) will not receive a fix and should be migrated to a supported release. Where an upgrade cannot be applied immediately, the vendor's interim mitigations are to add a mod_rewrite rule that rejects any request whose query string begins with %ad (the encoded soft hyphen used by the known exploit), and, for XAMPP installations that do not need CGI, to disable the ScriptAlias that publishes the PHP directory. These only block the known exploitation pattern; upgrading is the fix.

More information

Refer to the vendor website for more information:
https://www.php.net/

If you require more information or further support, submit a report on our website or contact us on 0800 114 115.