cve 2025 1735

About this tag
CVE-2025-1735 is a vulnerability in the PHP pgsql extension: its escaping logic fails to verify whether the PostgreSQL client library reported an error when escaping identifiers and strings. This flaw can cause crashes and, under specific conditions, enable injection-like behavior when applications rely on the extension's escaping as a defense. Multiple vendor and distribution advisories have confirmed the defect, and patched PHP builds have shipped. Operators using PHP with PostgreSQL should treat this as an operational priority and apply the available patches to maintain system stability and security.
  1. CVE-2025-1735: PHP pgsql Escaping Flaw Patch Guidance

    The PHP pgsql extension’s escaping logic failed a simple but critical safety check: it didn't always verify whether the PostgreSQL client library reported an error when escaping identifiers and strings. The result, tracked as CVE-2025-1735, is an availability- and stability-focused vulnerability...