High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-14180
High
Low
Medium
High
Critical
7.5
CVSS Score
Published: Dec 27, 2025
Last Modified: Jan 09, 2026
Vulnerability Description
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
100 configuration(s) from 1 vendor(s)
php
Version:
8.2.21
CPE:
cpe:2.3:a:php:php:8.2.21:-:*:*:*:*:*:*
php
Version:
8.4.8
CPE:
cpe:2.3:a:php:php:8.4.8:-:*:*:*:*:*:*
php
Version:
8.3.5
CPE:
cpe:2.3:a:php:php:8.3.5:-:*:*:*:*:*:*
php
Version:
8.1.33
CPE:
cpe:2.3:a:php:php:8.1.33:*:*:*:*:*:*:*
php
Version:
8.2.20
CPE:
cpe:2.3:a:php:php:8.2.20:-:*:*:*:*:*:*
php
Version:
8.1.25
CPE:
cpe:2.3:a:php:php:8.1.25:-:*:*:*:*:*:*
php
Version:
8.2.0
CPE:
cpe:2.3:a:php:php:8.2.0:-:*:*:*:*:*:*
php
Version:
8.1.12
CPE:
cpe:2.3:a:php:php:8.1.12:*:*:*:*:*:*:*
php
Version:
8.3.23
CPE:
cpe:2.3:a:php:php:8.3.23:-:*:*:*:*:*:*
php
Version:
8.3.8
CPE:
cpe:2.3:a:php:php:8.3.8:-:*:*:*:*:*:*
php
Version:
8.2.23
CPE:
cpe:2.3:a:php:php:8.2.23:-:*:*:*:*:*:*
php
Version:
8.2.26
CPE:
cpe:2.3:a:php:php:8.2.26:-:*:*:*:*:*:*
php
Version:
8.1.27
CPE:
cpe:2.3:a:php:php:8.1.27:-:*:*:*:*:*:*
php
Version:
8.2.5
CPE:
cpe:2.3:a:php:php:8.2.5:-:*:*:*:*:*:*
php
Version:
8.1.5
CPE:
cpe:2.3:a:php:php:8.1.5:rc1:*:*:*:*:*:*
php
Version:
8.2.14
CPE:
cpe:2.3:a:php:php:8.2.14:-:*:*:*:*:*:*
php
Version:
8.2.13
CPE:
cpe:2.3:a:php:php:8.2.13:-:*:*:*:*:*:*
php
Version:
8.4.10
CPE:
cpe:2.3:a:php:php:8.4.10:*:*:*:*:*:*:*
php
Version:
8.1.21
CPE:
cpe:2.3:a:php:php:8.1.21:-:*:*:*:*:*:*
php
Version:
8.2.9
CPE:
cpe:2.3:a:php:php:8.2.9:-:*:*:*:*:*:*
php
Version:
8.1.23
CPE:
cpe:2.3:a:php:php:8.1.23:-:*:*:*:*:*:*
php
Version:
8.3.22
CPE:
cpe:2.3:a:php:php:8.3.22:-:*:*:*:*:*:*
php
Version:
8.2.19
CPE:
cpe:2.3:a:php:php:8.2.19:-:*:*:*:*:*:*
php
Version:
8.3.0
CPE:
cpe:2.3:a:php:php:8.3.0:-:*:*:*:*:*:*
php
Version:
8.3.10
CPE:
cpe:2.3:a:php:php:8.3.10:-:*:*:*:*:*:*
php
Version:
8.3.6
CPE:
cpe:2.3:a:php:php:8.3.6:-:*:*:*:*:*:*
php
Version:
8.4.6
CPE:
cpe:2.3:a:php:php:8.4.6:-:*:*:*:*:*:*
php
Version:
8.3.1
CPE:
cpe:2.3:a:php:php:8.3.1:-:*:*:*:*:*:*
php
Version:
8.3.11
CPE:
cpe:2.3:a:php:php:8.3.11:-:*:*:*:*:*:*
php
Version:
8.4.11
CPE:
cpe:2.3:a:php:php:8.4.11:rc1:*:*:*:*:*:*
php
Version:
8.2.1
CPE:
cpe:2.3:a:php:php:8.2.1:-:*:*:*:*:*:*
php
Version:
8.1.7
CPE:
cpe:2.3:a:php:php:8.1.7:rc1:*:*:*:*:*:*
php
Version:
8.3.7
CPE:
cpe:2.3:a:php:php:8.3.7:-:*:*:*:*:*:*
php
Version:
8.1.1
CPE:
cpe:2.3:a:php:php:8.1.1:rc1:*:*:*:*:*:*
php
Version:
8.1.28
CPE:
cpe:2.3:a:php:php:8.1.28:-:*:*:*:*:*:*
php
Version:
8.2.25
CPE:
cpe:2.3:a:php:php:8.2.25:-:*:*:*:*:*:*
php
Version:
8.2.22
CPE:
cpe:2.3:a:php:php:8.2.22:-:*:*:*:*:*:*
php
Version:
8.3.17
CPE:
cpe:2.3:a:php:php:8.3.17:-:*:*:*:*:*:*
php
Version:
8.1.15
CPE:
cpe:2.3:a:php:php:8.1.15:*:*:*:*:*:*:*
php
Version:
8.2.16
CPE:
cpe:2.3:a:php:php:8.2.16:-:*:*:*:*:*:*
php
Version:
8.1.4
CPE:
cpe:2.3:a:php:php:8.1.4:rc1:*:*:*:*:*:*
php
Version:
8.4.2
CPE:
cpe:2.3:a:php:php:8.4.2:-:*:*:*:*:*:*
php
Version:
8.2.18
CPE:
cpe:2.3:a:php:php:8.2.18:-:*:*:*:*:*:*
php
Version:
8.2.10
CPE:
cpe:2.3:a:php:php:8.2.10:-:*:*:*:*:*:*
php
Version:
8.2.28
CPE:
cpe:2.3:a:php:php:8.2.28:*:*:*:*:*:*:*
php
Version:
8.1.14
CPE:
cpe:2.3:a:php:php:8.1.14:*:*:*:*:*:*:*
php
Version:
8.3.14
CPE:
cpe:2.3:a:php:php:8.3.14:-:*:*:*:*:*:*
php
Version:
8.2.11
CPE:
cpe:2.3:a:php:php:8.2.11:-:*:*:*:*:*:*
php
Version:
8.5.0
CPE:
cpe:2.3:a:php:php:8.5.0:alpha1:*:*:*:*:*:*
php
Version:
8.3.21
CPE:
cpe:2.3:a:php:php:8.3.21:-:*:*:*:*:*:*
php
Version:
8.1.30
CPE:
cpe:2.3:a:php:php:8.1.30:*:*:*:*:*:*:*
php
Version:
8.1.22
CPE:
cpe:2.3:a:php:php:8.1.22:rc1:*:*:*:*:*:*
php
Version:
8.1.17
CPE:
cpe:2.3:a:php:php:8.1.17:-:*:*:*:*:*:*
php
Version:
8.4.4
CPE:
cpe:2.3:a:php:php:8.4.4:-:*:*:*:*:*:*
php
Version:
8.3.15
CPE:
cpe:2.3:a:php:php:8.3.15:-:*:*:*:*:*:*
php
Version:
8.3.16
CPE:
cpe:2.3:a:php:php:8.3.16:-:*:*:*:*:*:*
php
Version:
8.1.32
CPE:
cpe:2.3:a:php:php:8.1.32:*:*:*:*:*:*:*
php
Version:
8.1.10
CPE:
cpe:2.3:a:php:php:8.1.10:*:*:*:*:*:*:*
php
Version:
8.2.2
CPE:
cpe:2.3:a:php:php:8.2.2:-:*:*:*:*:*:*
php
Version:
8.1.8
CPE:
cpe:2.3:a:php:php:8.1.8:*:*:*:*:*:*:*
php
Version:
8.2.17
CPE:
cpe:2.3:a:php:php:8.2.17:-:*:*:*:*:*:*
php
Version:
8.1.3
CPE:
cpe:2.3:a:php:php:8.1.3:rc1:*:*:*:*:*:*
php
Version:
8.4.1
CPE:
cpe:2.3:a:php:php:8.4.1:*:*:*:*:*:*:*
php
Version:
8.1.13
CPE:
cpe:2.3:a:php:php:8.1.13:*:*:*:*:*:*:*
php
Version:
8.1.9
CPE:
cpe:2.3:a:php:php:8.1.9:*:*:*:*:*:*:*
php
Version:
8.1.29
CPE:
cpe:2.3:a:php:php:8.1.29:-:*:*:*:*:*:*
php
Version:
8.4.3
CPE:
cpe:2.3:a:php:php:8.4.3:-:*:*:*:*:*:*
php
Version:
8.1.31
CPE:
cpe:2.3:a:php:php:8.1.31:*:*:*:*:*:*:*
php
Version:
8.1.0
CPE:
cpe:2.3:a:php:php:8.1.0:rc4:*:*:*:*:*:*
php
Version:
8.2.12
CPE:
cpe:2.3:a:php:php:8.2.12:-:*:*:*:*:*:*
php
Version:
8.2.7
CPE:
cpe:2.3:a:php:php:8.2.7:-:*:*:*:*:*:*
php
Version:
8.1.6
CPE:
cpe:2.3:a:php:php:8.1.6:rc1:*:*:*:*:*:*
php
Version:
8.3.12
CPE:
cpe:2.3:a:php:php:8.3.12:-:*:*:*:*:*:*
php
Version:
8.3.20
CPE:
cpe:2.3:a:php:php:8.3.20:-:*:*:*:*:*:*
php
Version:
8.2.3
CPE:
cpe:2.3:a:php:php:8.2.3:*:*:*:*:*:*:*
php
Version:
8.3.24
CPE:
cpe:2.3:a:php:php:8.3.24:rc1:*:*:*:*:*:*
php
Version:
8.3.13
CPE:
cpe:2.3:a:php:php:8.3.13:-:*:*:*:*:*:*
php
Version:
8.1.18
CPE:
cpe:2.3:a:php:php:8.1.18:-:*:*:*:*:*:*
php
Version:
8.4.9
CPE:
cpe:2.3:a:php:php:8.4.9:-:*:*:*:*:*:*
php
Version:
8.4.0
CPE:
cpe:2.3:a:php:php:8.4.0:-:*:*:*:*:*:*
php
Version:
8.2.4
CPE:
cpe:2.3:a:php:php:8.2.4:-:*:*:*:*:*:*
php
Version:
8.1.16
CPE:
cpe:2.3:a:php:php:8.1.16:*:*:*:*:*:*:*
php
Version:
8.3.9
CPE:
cpe:2.3:a:php:php:8.3.9:-:*:*:*:*:*:*
php
Version:
8.3.2
CPE:
cpe:2.3:a:php:php:8.3.2:-:*:*:*:*:*:*
php
Version:
8.3.3
CPE:
cpe:2.3:a:php:php:8.3.3:-:*:*:*:*:*:*
php
Version:
8.1.2
CPE:
cpe:2.3:a:php:php:8.1.2:rc1:*:*:*:*:*:*
php
Version:
8.3.4
CPE:
cpe:2.3:a:php:php:8.3.4:-:*:*:*:*:*:*
php
Version:
8.2.29
CPE:
cpe:2.3:a:php:php:8.2.29:*:*:*:*:*:*:*
php
Version:
8.1.24
CPE:
cpe:2.3:a:php:php:8.1.24:-:*:*:*:*:*:*
php
Version:
8.1.20
CPE:
cpe:2.3:a:php:php:8.1.20:-:*:*:*:*:*:*
php
Version:
8.2.6
CPE:
cpe:2.3:a:php:php:8.2.6:-:*:*:*:*:*:*
php
Version:
8.2.24
CPE:
cpe:2.3:a:php:php:8.2.24:-:*:*:*:*:*:*
php
Version:
8.1.26
CPE:
cpe:2.3:a:php:php:8.1.26:-:*:*:*:*:*:*
php
Version:
8.3.19
CPE:
cpe:2.3:a:php:php:8.3.19:*:*:*:*:*:*:*
php
Version:
8.4.5
CPE:
cpe:2.3:a:php:php:8.4.5:-:*:*:*:*:*:*
php
Version:
8.4.7
CPE:
cpe:2.3:a:php:php:8.4.7:-:*:*:*:*:*:*
php
Version:
8.2.8
CPE:
cpe:2.3:a:php:php:8.2.8:-:*:*:*:*:*:*
php
Version:
8.3.18
CPE:
cpe:2.3:a:php:php:8.3.18:-:*:*:*:*:*:*
php
Version:
8.1.19
CPE:
cpe:2.3:a:php:php:8.1.19:-:*:*:*:*:*:*
php
Version:
8.2.15
CPE:
cpe:2.3:a:php:php:8.2.15:-:*:*:*:*:*:*
This vulnerability affects 100 software configuration(s). Ensure you patch all affected systems.
Canonical (Ubuntu)
USN-7953-1
USN-7953-1: PHP vulnerabilities
Severity
Unknown
Released
Jan 12, 2026
Security Update
SUSE
CVE-2025-14180
CVE-2025-14180
Severity
Unknown
Released
Dec 23, 2025
Security Update
Severity Details
7.5
out of 10.0
High
Key Information
- Published Date
- December 27, 2025
