High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-14177
High
Low
Medium
High
Critical
7.5
CVSS Score
Published: Dec 27, 2025
Last Modified: Jan 08, 2026
Vulnerability Description
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
N
Availability
N
Known Affected Software
100 configuration(s) from 1 vendor(s)
php
Version:
8.2.21
CPE:
cpe:2.3:a:php:php:8.2.21:-:*:*:*:*:*:*
php
Version:
8.4.8
CPE:
cpe:2.3:a:php:php:8.4.8:-:*:*:*:*:*:*
php
Version:
8.3.5
CPE:
cpe:2.3:a:php:php:8.3.5:-:*:*:*:*:*:*
php
Version:
8.1.33
CPE:
cpe:2.3:a:php:php:8.1.33:*:*:*:*:*:*:*
php
Version:
8.2.20
CPE:
cpe:2.3:a:php:php:8.2.20:-:*:*:*:*:*:*
php
Version:
8.1.25
CPE:
cpe:2.3:a:php:php:8.1.25:-:*:*:*:*:*:*
php
Version:
8.2.0
CPE:
cpe:2.3:a:php:php:8.2.0:-:*:*:*:*:*:*
php
Version:
8.1.12
CPE:
cpe:2.3:a:php:php:8.1.12:*:*:*:*:*:*:*
php
Version:
8.3.23
CPE:
cpe:2.3:a:php:php:8.3.23:-:*:*:*:*:*:*
php
Version:
8.3.8
CPE:
cpe:2.3:a:php:php:8.3.8:-:*:*:*:*:*:*
php
Version:
8.2.23
CPE:
cpe:2.3:a:php:php:8.2.23:-:*:*:*:*:*:*
php
Version:
8.2.26
CPE:
cpe:2.3:a:php:php:8.2.26:-:*:*:*:*:*:*
php
Version:
8.1.27
CPE:
cpe:2.3:a:php:php:8.1.27:-:*:*:*:*:*:*
php
Version:
8.2.5
CPE:
cpe:2.3:a:php:php:8.2.5:-:*:*:*:*:*:*
php
Version:
8.1.5
CPE:
cpe:2.3:a:php:php:8.1.5:rc1:*:*:*:*:*:*
php
Version:
8.2.14
CPE:
cpe:2.3:a:php:php:8.2.14:-:*:*:*:*:*:*
php
Version:
8.2.13
CPE:
cpe:2.3:a:php:php:8.2.13:-:*:*:*:*:*:*
php
Version:
8.4.10
CPE:
cpe:2.3:a:php:php:8.4.10:*:*:*:*:*:*:*
php
Version:
8.1.21
CPE:
cpe:2.3:a:php:php:8.1.21:-:*:*:*:*:*:*
php
Version:
8.2.9
CPE:
cpe:2.3:a:php:php:8.2.9:-:*:*:*:*:*:*
php
Version:
8.1.23
CPE:
cpe:2.3:a:php:php:8.1.23:-:*:*:*:*:*:*
php
Version:
8.3.22
CPE:
cpe:2.3:a:php:php:8.3.22:-:*:*:*:*:*:*
php
Version:
8.2.19
CPE:
cpe:2.3:a:php:php:8.2.19:-:*:*:*:*:*:*
php
Version:
8.3.0
CPE:
cpe:2.3:a:php:php:8.3.0:-:*:*:*:*:*:*
php
Version:
8.3.10
CPE:
cpe:2.3:a:php:php:8.3.10:-:*:*:*:*:*:*
php
Version:
8.3.6
CPE:
cpe:2.3:a:php:php:8.3.6:-:*:*:*:*:*:*
php
Version:
8.4.6
CPE:
cpe:2.3:a:php:php:8.4.6:-:*:*:*:*:*:*
php
Version:
8.3.1
CPE:
cpe:2.3:a:php:php:8.3.1:-:*:*:*:*:*:*
php
Version:
8.3.11
CPE:
cpe:2.3:a:php:php:8.3.11:-:*:*:*:*:*:*
php
Version:
8.4.11
CPE:
cpe:2.3:a:php:php:8.4.11:rc1:*:*:*:*:*:*
php
Version:
8.2.1
CPE:
cpe:2.3:a:php:php:8.2.1:-:*:*:*:*:*:*
php
Version:
8.1.7
CPE:
cpe:2.3:a:php:php:8.1.7:rc1:*:*:*:*:*:*
php
Version:
8.3.7
CPE:
cpe:2.3:a:php:php:8.3.7:-:*:*:*:*:*:*
php
Version:
8.1.1
CPE:
cpe:2.3:a:php:php:8.1.1:rc1:*:*:*:*:*:*
php
Version:
8.1.28
CPE:
cpe:2.3:a:php:php:8.1.28:-:*:*:*:*:*:*
php
Version:
8.2.25
CPE:
cpe:2.3:a:php:php:8.2.25:-:*:*:*:*:*:*
php
Version:
8.2.22
CPE:
cpe:2.3:a:php:php:8.2.22:-:*:*:*:*:*:*
php
Version:
8.3.17
CPE:
cpe:2.3:a:php:php:8.3.17:-:*:*:*:*:*:*
php
Version:
8.1.15
CPE:
cpe:2.3:a:php:php:8.1.15:*:*:*:*:*:*:*
php
Version:
8.2.16
CPE:
cpe:2.3:a:php:php:8.2.16:-:*:*:*:*:*:*
php
Version:
8.1.4
CPE:
cpe:2.3:a:php:php:8.1.4:rc1:*:*:*:*:*:*
php
Version:
8.4.2
CPE:
cpe:2.3:a:php:php:8.4.2:-:*:*:*:*:*:*
php
Version:
8.2.18
CPE:
cpe:2.3:a:php:php:8.2.18:-:*:*:*:*:*:*
php
Version:
8.2.10
CPE:
cpe:2.3:a:php:php:8.2.10:-:*:*:*:*:*:*
php
Version:
8.2.28
CPE:
cpe:2.3:a:php:php:8.2.28:*:*:*:*:*:*:*
php
Version:
8.1.14
CPE:
cpe:2.3:a:php:php:8.1.14:*:*:*:*:*:*:*
php
Version:
8.3.14
CPE:
cpe:2.3:a:php:php:8.3.14:-:*:*:*:*:*:*
php
Version:
8.2.11
CPE:
cpe:2.3:a:php:php:8.2.11:-:*:*:*:*:*:*
php
Version:
8.5.0
CPE:
cpe:2.3:a:php:php:8.5.0:alpha1:*:*:*:*:*:*
php
Version:
8.3.21
CPE:
cpe:2.3:a:php:php:8.3.21:-:*:*:*:*:*:*
php
Version:
8.1.30
CPE:
cpe:2.3:a:php:php:8.1.30:*:*:*:*:*:*:*
php
Version:
8.1.22
CPE:
cpe:2.3:a:php:php:8.1.22:rc1:*:*:*:*:*:*
php
Version:
8.1.17
CPE:
cpe:2.3:a:php:php:8.1.17:-:*:*:*:*:*:*
php
Version:
8.4.4
CPE:
cpe:2.3:a:php:php:8.4.4:-:*:*:*:*:*:*
php
Version:
8.3.15
CPE:
cpe:2.3:a:php:php:8.3.15:-:*:*:*:*:*:*
php
Version:
8.3.16
CPE:
cpe:2.3:a:php:php:8.3.16:-:*:*:*:*:*:*
php
Version:
8.1.32
CPE:
cpe:2.3:a:php:php:8.1.32:*:*:*:*:*:*:*
php
Version:
8.1.10
CPE:
cpe:2.3:a:php:php:8.1.10:*:*:*:*:*:*:*
php
Version:
8.2.2
CPE:
cpe:2.3:a:php:php:8.2.2:-:*:*:*:*:*:*
php
Version:
8.1.8
CPE:
cpe:2.3:a:php:php:8.1.8:*:*:*:*:*:*:*
php
Version:
8.2.17
CPE:
cpe:2.3:a:php:php:8.2.17:-:*:*:*:*:*:*
php
Version:
8.1.3
CPE:
cpe:2.3:a:php:php:8.1.3:rc1:*:*:*:*:*:*
php
Version:
8.4.1
CPE:
cpe:2.3:a:php:php:8.4.1:*:*:*:*:*:*:*
php
Version:
8.1.13
CPE:
cpe:2.3:a:php:php:8.1.13:*:*:*:*:*:*:*
php
Version:
8.1.9
CPE:
cpe:2.3:a:php:php:8.1.9:*:*:*:*:*:*:*
php
Version:
8.1.29
CPE:
cpe:2.3:a:php:php:8.1.29:-:*:*:*:*:*:*
php
Version:
8.4.3
CPE:
cpe:2.3:a:php:php:8.4.3:-:*:*:*:*:*:*
php
Version:
8.1.31
CPE:
cpe:2.3:a:php:php:8.1.31:*:*:*:*:*:*:*
php
Version:
8.1.0
CPE:
cpe:2.3:a:php:php:8.1.0:rc4:*:*:*:*:*:*
php
Version:
8.2.12
CPE:
cpe:2.3:a:php:php:8.2.12:-:*:*:*:*:*:*
php
Version:
8.2.7
CPE:
cpe:2.3:a:php:php:8.2.7:-:*:*:*:*:*:*
php
Version:
8.1.6
CPE:
cpe:2.3:a:php:php:8.1.6:rc1:*:*:*:*:*:*
php
Version:
8.3.12
CPE:
cpe:2.3:a:php:php:8.3.12:-:*:*:*:*:*:*
php
Version:
8.3.20
CPE:
cpe:2.3:a:php:php:8.3.20:-:*:*:*:*:*:*
php
Version:
8.2.3
CPE:
cpe:2.3:a:php:php:8.2.3:*:*:*:*:*:*:*
php
Version:
8.3.24
CPE:
cpe:2.3:a:php:php:8.3.24:rc1:*:*:*:*:*:*
php
Version:
8.3.13
CPE:
cpe:2.3:a:php:php:8.3.13:-:*:*:*:*:*:*
php
Version:
8.1.18
CPE:
cpe:2.3:a:php:php:8.1.18:-:*:*:*:*:*:*
php
Version:
8.4.9
CPE:
cpe:2.3:a:php:php:8.4.9:-:*:*:*:*:*:*
php
Version:
8.4.0
CPE:
cpe:2.3:a:php:php:8.4.0:-:*:*:*:*:*:*
php
Version:
8.2.4
CPE:
cpe:2.3:a:php:php:8.2.4:-:*:*:*:*:*:*
php
Version:
8.1.16
CPE:
cpe:2.3:a:php:php:8.1.16:*:*:*:*:*:*:*
php
Version:
8.3.9
CPE:
cpe:2.3:a:php:php:8.3.9:-:*:*:*:*:*:*
php
Version:
8.3.2
CPE:
cpe:2.3:a:php:php:8.3.2:-:*:*:*:*:*:*
php
Version:
8.3.3
CPE:
cpe:2.3:a:php:php:8.3.3:-:*:*:*:*:*:*
php
Version:
8.1.2
CPE:
cpe:2.3:a:php:php:8.1.2:rc1:*:*:*:*:*:*
php
Version:
8.3.4
CPE:
cpe:2.3:a:php:php:8.3.4:-:*:*:*:*:*:*
php
Version:
8.2.29
CPE:
cpe:2.3:a:php:php:8.2.29:*:*:*:*:*:*:*
php
Version:
8.1.24
CPE:
cpe:2.3:a:php:php:8.1.24:-:*:*:*:*:*:*
php
Version:
8.1.20
CPE:
cpe:2.3:a:php:php:8.1.20:-:*:*:*:*:*:*
php
Version:
8.2.6
CPE:
cpe:2.3:a:php:php:8.2.6:-:*:*:*:*:*:*
php
Version:
8.2.24
CPE:
cpe:2.3:a:php:php:8.2.24:-:*:*:*:*:*:*
php
Version:
8.1.26
CPE:
cpe:2.3:a:php:php:8.1.26:-:*:*:*:*:*:*
php
Version:
8.3.19
CPE:
cpe:2.3:a:php:php:8.3.19:*:*:*:*:*:*:*
php
Version:
8.4.5
CPE:
cpe:2.3:a:php:php:8.4.5:-:*:*:*:*:*:*
php
Version:
8.4.7
CPE:
cpe:2.3:a:php:php:8.4.7:-:*:*:*:*:*:*
php
Version:
8.2.8
CPE:
cpe:2.3:a:php:php:8.2.8:-:*:*:*:*:*:*
php
Version:
8.3.18
CPE:
cpe:2.3:a:php:php:8.3.18:-:*:*:*:*:*:*
php
Version:
8.1.19
CPE:
cpe:2.3:a:php:php:8.1.19:-:*:*:*:*:*:*
php
Version:
8.2.15
CPE:
cpe:2.3:a:php:php:8.2.15:-:*:*:*:*:*:*
This vulnerability affects 100 software configuration(s). Ensure you patch all affected systems.
Canonical (Ubuntu)
USN-7953-1
USN-7953-1: PHP vulnerabilities
Severity
Unknown
Released
Jan 12, 2026
Security Update
SUSE
CVE-2025-14177
CVE-2025-14177
Severity
Unknown
Released
Dec 23, 2025
Security Update
Severity Details
7.5
out of 10.0
High
Key Information
- Published Date
- December 27, 2025
