cve 2025 1735
About this tag
CVE-2025-1735 is a vulnerability in the PHP pgsql extension where the escaping logic fails to verify whether the PostgreSQL client library reported an error when escaping identifiers and strings. This flaw can cause crashes and, under specific conditions, enable injection-like behavior when applications rely on the extension's escaping as a defense. Multiple vendors and distribution advisories have confirmed the defect and shipped patched PHP builds. Operators using PHP with PostgreSQL should treat this as an operational priority and apply the available patches to maintain system stability and security.
The PHP pgsql extension’s escaping logic failed a simple but critical safety check: it didn't always verify whether the PostgreSQL client library reported an error when escaping identifiers and strings. The result, tracked as CVE-2025-1735, is an availability- and stability-focused vulnerability...