cbcvebase.
CVE-2025-14179
published 2026-05-10

CVE-2025-14179: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes…

PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.30%
21.4th percentile
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string. This allows SQL injection when attacker-controlled values are quoted via PDO::quote() and embedded in SQL statements.

Affected

15 ranges
VendorProductVersion rangeFixed in
phpphp
phpphp>= 8.2.0 < 8.2.318.2.31
phpphp>= 8.3.0 < 8.3.318.3.31
phpphp>= 8.4.0 < 8.4.218.4.21
phpphp>= 8.5.0 < 8.5.68.5.6
php_8.2php
php_8.3php
php_groupphp>= 8.2.* < 8.2.318.2.31
php_groupphp>= 8.3.* < 8.3.318.3.31
php_groupphp>= 8.4.* < 8.4.218.4.21
php_groupphp>= 8.5.* < 8.5.68.5.6
ubuntuphp8.1
ubuntuphp8.3
ubuntuphp8.4
ubuntuphp8.5

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber
vendor_redhat9.8CRITICAL
vendor_ubuntu7.4HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.