CVE-2025-14180

🗓️ 27 Dec 2025 19:21:20Reported by phpType

CVE-2025-14180: NULL pointer dereference in PDO PostgreSQL with emulation enabled due to invalid sequences in prepared statements.

Reporter	Title	Published	Views	Family All 177
Tenable Nessus	Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1353)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1354)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1355)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2026-008 (ALASPHP8.1-2026-008)	22 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-009 (ALASPHP8.2-2026-009)	22 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.2 (ALSA-2026:1409)	2 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : php:8.2 (ALSA-2026:1412)	2 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.3 (ALSA-2026:1429)	30 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : php (ALSA-2026:1628)	2 Feb 202600:00	–	nessus

NVD

Node

php phpRange8.1.0–8.1.34

php phpRange8.2.0–8.2.30

php phpRange8.3.0–8.3.29

php phpRange8.4.0–8.4.16

php phpRange8.5.0–8.5.1

[
  {
    "defaultStatus": "affected",
    "packageName": "pdo",
    "product": "PHP",
    "vendor": "PHP Group",
    "versions": [
      {
        "lessThan": "8.1.34",
        "status": "affected",
        "version": "8.1.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.2.30",
        "status": "affected",
        "version": "8.2.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.3.29",
        "status": "affected",
        "version": "8.3.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.4.16",
        "status": "affected",
        "version": "8.4.*",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.1",
        "status": "affected",
        "version": "8.5.*",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

09 Jan 2026 20:23Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

CVSS 48.2

EPSS0.00056

SSVC

CWE-476