cbcvebase.
CVE-2025-1735
published 2025-07-13

CVE-2025-1735: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

Affected

16 ranges
VendorProductVersion rangeFixed in
debianphp7.4< php7.4 7.4.33-1+deb11u9 (bullseye)php7.4 7.4.33-1+deb11u9 (bullseye)
debianphp8.2< php7.4 7.4.33-1+deb11u9 (bullseye)php7.4 7.4.33-1+deb11u9 (bullseye)
debianphp8.4< php7.4 7.4.33-1+deb11u9 (bullseye)php7.4 7.4.33-1+deb11u9 (bullseye)
msrcazl3_php_8.3.23-1_on_azure_linux_3.0
msrccbl2_php_8.1.32-1_on_cbl_mariner_2.0
msrccbl2_php_8.1.33-1_on_cbl_mariner_2.0
msrccbl2_vim_8.2.5064-1_on_cbl_mariner_2.0
msrccm1_vim_8.2.5064-1_on_cbl_mariner_1.0
phpphp>= 8.1.0 < 8.1.338.1.33
phpphp>= 8.2.0 < 8.2.298.2.29
phpphp>= 8.3.0 < 8.3.238.3.23
phpphp>= 8.4.0 < 8.4.108.4.10
php_groupphp>= 8.1.* < 8.1.338.1.33
php_groupphp>= 8.2.* < 8.2.298.2.29
php_groupphp>= 8.3.* < 8.3.238.3.23
php_groupphp>= 8.4.* < 8.4.108.4.10

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH