Advisory 92: Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks
Release Date: 04th of July 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that use the above products. It is intended for technical users and systems administrators.
What is it?
Critical security vulnerabilities have been discovered in PHP that could allow attackers to execute SQL injection attacks and cause denial of service (DoS) conditions.
Two distinct vulnerabilities, assigned CVE-2025-1735 and CVE-2025-6491, affect multiple PHP versions and require immediate patching.
- CVE-2025-1735 – PostgreSQL extension SQL injection vulnerability
- CVE-2025-6491 – SOAP extension denial of service vulnerability
What are the systems affected?
Affected versions:
The flaws impact PHP installations running versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10.
What does this mean?
The vulnerabilities could allow attackers to execute SQL injection attacks and cause denial of service (DoS) conditions.
Mitigation process
Administrators should immediately update to the patched version for their release branch: 8.1.33, 8.2.29, 8.3.23, or 8.4.10.
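The following shell helpers are an added example, not part of the original advisory: they classify a PHP version string against the patched releases listed above and map a loaded-module list to the two CVEs. The function names and the `unlisted`/`unparsed` labels are assumptions of this example; branches the advisory does not list are reported as `unlisted` rather than judged.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# check_php_version VERSION
# Prints: patched | vulnerable | unlisted | unparsed
check_php_version() {
    # Keep the leading x.y.z only; drops suffixes such as "-1ubuntu2" or "RC1".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unparsed"
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # First fixed patch level per branch, as listed in the advisory.
    case "$major.$minor" in
        8.1) fixed=33 ;;
        8.2) fixed=29 ;;
        8.3) fixed=23 ;;
        8.4) fixed=10 ;;
        *)   echo "unlisted"; return 0 ;;  # branch not named in the advisory
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# exposed_extensions: reads a module list (e.g. output of `php -m`) on stdin
# and prints the CVE for each affected extension that is loaded.
exposed_extensions() {
    tr 'A-Z' 'a-z' | while IFS= read -r mod; do
        case "$mod" in
            pgsql) echo "CVE-2025-1735" ;;  # PostgreSQL extension
            soap)  echo "CVE-2025-6491" ;;  # SOAP extension
        esac
    done
}

# Typical use on a host:
#   check_php_version "$(php -r 'echo PHP_VERSION;')"
#   php -m | exposed_extensions
```

Distribution packages may backport fixes without changing the upstream version number, so confirm a `vulnerable` result against the vendor's package changelog.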
References
- Download advisory (English): Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks
- Download advisory (Bislama): Plante PHP Vulnerabiliti we i Alaoem olgeta SQL Injection & DoS Atak