CVE-2025-6491

Updated: 2025-08-20 03:17:09.242822

Description:

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large (>2Gb) XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.9 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Oracle Linux 6 ELS | php | 5.3.3 | 5.9 | MEDIUM | Released | CLSA-2025:1753729863 | 2025-07-29 01:42:29 | |
| Oracle Linux 7 ELS | php | 5.4.16 | 5.9 | MEDIUM | Released | CLSA-2025:1754342893 | 2025-08-06 03:14:32 | |
| RHEL 7 ELS | php | 5.4.16 | 5.9 | MEDIUM | Released | CLSA-2025:1754381195 | 2025-08-06 03:14:29 | |
| TuxCare 9.6 ESU | php | 8.0.30 | 5.9 | MEDIUM | Released | CLSA-2026:1768411712 | 2026-01-15 01:49:16 | |
| Ubuntu 16.04 ELS | php | 7.0.33 | 5.9 | MEDIUM | Released | CLSA-2025:1760017744 | 2025-10-09 16:03:11 | |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.9 | MEDIUM | Released | CLSA-2025:1760017411 | 2025-10-09 16:03:15 | |
| Ubuntu 20.04 ELS | php | 7.4.3 | 5.9 | MEDIUM | Ignored | | 2025-07-22 05:02:48 | Ignored due to low severity |
Total: 17