CNNVD-202507-1791 Information

CNNVD ID

CNNVD-202507-1791

Related CVE

CVE-2025-6491

• CNNVD Published: 2025-07-13

Description (Chinese)

PHP是PHP的一种在服务器端执行的脚本语言。 PHP 8.1.33之前版本、8.2.29之前版本、8.3.23之前版本和8.4.10之前版本存在安全漏洞，该漏洞源于解析XML数据时可能导致空指针取消引用，影响服务器可用性。

Description (English)

PHP is a script language executed by PHP at the server end. PHP 8.1.33, 8.2.29, 8.3.23 and 8.4.10 have a security loophole, which stems from the fact that the decomposition of XML data may lead to the removal of references from the empty pointer and affect server availability.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PHP

Published

2025-07-13

Last Modified

2026-02-24

References

https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x https://vigilance.fr/vulnerability/PHP-NULL-pointer-dereference-via-PHP-SOAP-Extension-47594

Patch

https://github.com/php/php-src/releases