CVEFinder.io

CVE-2025-14179

β›” critical
πŸ” Scan for this CVE
Summary

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string. This allows SQL injection when attacker-controlled values are quoted via PDO::quo

Description

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string. This allows SQL injection when attacker-controlled values are quoted via PDO::quote() and embedded in SQLΒ statements.

CVSS Score
9.8
Critical
EPSS Score
0.3
Exploit Probability
Published Date
2026-05-10
First Seen: 2026-05-11
πŸ“Š Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.6% of all 335,187 vulnerabilities in our database.

#31,628
Top 10% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 11, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
Aleksey Solovev (Positive Technologies) Nikita Sveshnikov (Positive Technologies) Ilija Tovilo (remediation reviewer) Arnaud Le Blanc (remediation reviewer) Saki Takamachi (remediation developer)
SSVC data provided by CISA
Last Modified 2026-06-30
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber
CWE IDs (Weakness Types)

πŸ“¦ Affected Products 4

πŸ”— References 4

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-14355 πŸ”Ά medium 5.6 0.3 In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo... 2026-07-03
CVE-2026-6722 β›” critical 9.8 0.7 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extensio... 2026-05-10
CVE-2026-7262 ⚠️ high 7.5 0.8 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP serve... 2026-05-10
CVE-2026-7568 ⚠️ high 7.5 0.5 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() f... 2026-05-10
CVE-2026-6104 β›” critical 9.1 0.5 In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is pas... 2026-05-10
CVE-2026-7263 ⚠️ high 7.5 0.4 In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly... 2026-05-10
These CVEs affect the same products