Advisory 92: Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks

Release Date: 04th of July 2025

Impact: HIGH / CRITICAL

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.

This alert is relevant to organizations that use the above products. It is intended to be understood by technical users and systems administrators.

What is it?

Critical security vulnerabilities have been discovered in PHP that could allow attackers to execute SQL injection attacks and cause denial of service (DoS) conditions.

Two distinct vulnerabilities, assigned CVE-2025-1735 and CVE-2025-6491, affect multiple PHP versions and require immediate patching.

CVE-2025-1735 – PostgreSQL Extension SQL Injection Vulnerability

CVE-2025-6491 – SOAP Extension Denial of Service Vulnerability

References

  1. https://cybersecuritynews.com/multiple-php-vulnerabilities/