Null Pointer Dereference Vulnerability in PHP SOAP Extensions
CVE-2025-6491

5.9 MEDIUM

Key Information:

Vendor

PHP Group

Status
Vendor
CVE Published:
13 July 2025

Badges

📰 News Worthy

What is CVE-2025-6491?

In certain versions of PHP, an issue exists in the handling of XML data within the SOAP extension. When parsing excessively large XML namespace prefixes (over 2GB), the application may encounter a null pointer dereference. This can lead to application crashes, compromising the availability of servers running the affected PHP versions. It is crucial for users to update their installations to avoid these issues.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.33

PHP 8.2.* < 8.2.29

News Articles

Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks - Update Now

Critical security vulnerabilities have been discovered in PHP that could allow attackers to execute SQL injection attacks.

1 week ago

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability Reserved

Credit

Ahmed Lekssays