CVE-2025-14180

EUVD-2025-205486

27.12.2025, 20:15

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
php	php	8.1.0 ≤ 𝑥 < 8.1.34
php	php	8.2.0 ≤ 𝑥 < 8.2.30
php	php	8.3.0 ≤ 𝑥 < 8.3.29
php	php	8.4.0 ≤ 𝑥 < 8.4.16
php	php	8.5.0 ≤ 𝑥 < 8.5.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

php7.4

bullseye	7.4.33-1+deb11u5 fixed
bullseye (security)	7.4.33-1+deb11u10 fixed

php8.2

bookworm	vulnerable
bookworm (security)	vulnerable

php8.4

forky	8.4.16-1 fixed
sid	8.4.16-1 fixed
trixie	vulnerable
trixie (security)	8.4.16-1~deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	not-affected

php7.0

jammy	dne
noble	dne
plucky	dne
questing	dne
xenial	not-affected

php7.2

bionic	not-affected
jammy	dne
noble	dne
plucky	dne
questing	dne

php7.4

focal	not-affected
jammy	dne
noble	dne
plucky	dne
questing	dne

php8.1

jammy	Fixed 8.1.2-1ubuntu2.23 released
noble	dne
plucky	dne
questing	dne

php8.3

jammy	dne
noble	Fixed 8.3.6-0ubuntu0.24.04.6 released
plucky	dne
questing	dne

php8.4

jammy	dne
noble	dne
plucky	Fixed 8.4.5-1ubuntu1.2 released
questing	Fixed 8.4.11-1ubuntu1.1 released

Known Exploits!

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Vulnerability Media Exposure

[GERMAN] PHP: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, um einen Server-Side Request-Forgery Angriff ausführen oder nicht bekannte Auswirkungen erzielen.
Published: 2025-12-18T23:00:00+00:00

References

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj