cve-2025-6491
Vulnerability from cvelistv5
Published
2025-07-13 22:10
Modified
2025-07-14 15:59
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@php.net | https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x | Exploit, Vendor Advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T15:59:51.249317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T15:59:53.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "soap",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.33",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.29",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.23",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
},
{
"lessThan": "8.4.10",
"status": "affected",
"version": "8.4.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ahmed Lekssays"
}
],
"datePublic": "2025-07-03T12:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (\u0026gt;2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (\u003e2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T22:10:15.996Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x"
}
],
"source": {
"advisory": "GHSA-453j-q27h-5p8x",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2025-6491",
"datePublished": "2025-07-13T22:10:15.996Z",
"dateReserved": "2025-06-22T03:05:22.008Z",
"dateUpdated": "2025-07-14T15:59:53.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-6491\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2025-07-13T22:15:23.353\",\"lastModified\":\"2025-07-22T16:51:04.830\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (\u003e2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.\"},{\"lang\":\"es\",\"value\":\"En las versiones de PHP 8.1.* anteriores a la 8.1.33, 8.2.* anteriores a la 8.2.29, 8.3.* anteriores a la 8.3.23 y 8.4.* anteriores a la 8.4.10, al analizar datos XML en extensiones SOAP, un prefijo de espacio de nombres XML demasiado grande (\u0026gt;2 GB) puede provocar la desreferencia de puntero nulo. Esto puede provocar fallos y afectar la disponibilidad del servidor de destino.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.33\",\"matchCriteriaId\":\"1DFFB7CE-0CB6-4229-8A83-D5994163F599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.29\",\"matchCriteriaId\":\"C0671DC7-C9E0-4CB9-8CBE-7C7D724A4E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndExcluding\":\"8.3.23\",\"matchCriteriaId\":\"99142A2A-C510-477B-A090-DE73441BBFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.4.0\",\"versionEndExcluding\":\"8.4.10\",\"matchCriteriaId\":\"61D8A8DF-85D3-435B-BB2B-F3D728575758\"}]}]}],\"references\":[{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.