PT-2025-27859 · Unknown+11 · Postgresql+11

Andres Freund · Published 2025-01-01 · Updated 2026-02-10 · CVE-2025-1735

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 8.1.33
PHP versions prior to 8.2.29
PHP versions prior to 8.3.23
PHP versions prior to 8.4
php7.4
php8.2

Description

The pgsql and pdo_pgsql escaping functions do not verify if the underlying quoting functions return errors. This can lead to crashes if the Postgres server rejects a string as invalid.

Recommendations

PHP versions prior to 8.1.33: Upgrade to version 8.1.33 or later.
PHP versions prior to 8.2.29: Upgrade to version 8.2.29 or later.
PHP versions prior to 8.3.23: Upgrade to version 8.3.23 or later.
PHP versions prior to 8.4: Upgrade to version 8.4.10 or later.
php7.4: Upgrade to a supported version.
php8.2: Upgrade to a supported version.

Fix

DoS

NULL Pointer Dereference

SQL injection

Weakness Enumeration

Related Identifiers

ALSA-2025:23309
ALSA-2026:1409
ALSA-2026:1412
ALSA-2026:2470
ALT-PU-2025-11047
ALT-PU-2025-9930
ALT-PU-2025-9934
ALT-PU-2025-9942
ALT-PU-2025-9948
AZL-65121
AZL-65124
BDU:2025-10413
BIT-LIBPHP-2025-1735
BIT-PHP-2025-1735
BIT-PHP-MIN-2025-1735
CVE-2025-1735
DLA-4254-1
DSA-5967-1
GHSA-HRWM-9436-5MV3
MGASA-2025-0203
OESA-2025-1760
OESA-2025-1761
OESA-2025-1762
OESA-2025-1888
OESA-2025-1889
OESA-2025-1890
OPENSUSE-SU-2025:15340-1
RHSA-2026:1409
RHSA-2026:1412
RHSA-2026:2470
SUSE-SU-2025:02462-1
SUSE-SU-2025:02463-1
SUSE-SU-2025:02473-1
SUSE-SU-2025:02474-1
SUSE-SU-2025_02462-1
SUSE-SU-2025_02463-1
SUSE-SU-2025_02473-1
SUSE-SU-2025_02474-1
USN-7648-1
USN-7648-2
USN-7648-3

Affected Products

Alt Linux
Almalinux
Debian
Linuxmint
Postgresql
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Php7.4
Php8.2