{"uuid": "1db948cc-34e2-4c8e-8b75-c24260d1bd44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-1220", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mqxn5wxr3l27", "content": "\u6b7b\u3093\u3067\u306d\u3047\u5834\u6240\u3082\u3042\u308b\u3002CVE-2025-1220\u3001fsockopen()\u3002PHP\u6587\u5b57\u5217\u306f\\0\u3092\u542b\u3093\u3067\u3082\u751f\u304d\u305f\u307e\u307e\u6bd4\u8f03\u3067\u304d\u308b\u304c\u3001\u4e0b\u306eC\u30bd\u30b1\u30c3\u30c8\u5c64\u306f\\0\u3067\u7d42\u7aef\u6271\u3044\u3059\u308b\u3002\ud83d\udc8e\nstr_ends_with()\u3067\".company.com\"\u5224\u5b9a\u2192\"127.0.0.1\\0.company.com\"\u306f\u666e\u901a\u306b\u901a\u904e\u2192\u63a5\u7d9a\u5148\u306f\u5b9f\u306f127.0.0.1\u3002allowlist\u304cSSRF\u306b\u5316\u3051\u308b\u30028.1&lt;8.1.33\u7b49\u304c\u5bfe\u8c61\u3001\u30d1\u30c3\u30c1\u6e08\u307f\u3002\nhttps://hadrian.io/blog/cve-2025-1220-null-byte-trickery-bypasses-hostname-allowlists-in-php", "creation_timestamp": "2026-07-19T01:33:45.591797Z"}