CVE-2025-14179: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in PHP Group PHP
CVE-2025-14179 is a high-severity SQL injection vulnerability in the PHP PDO Firebird driver affecting PHP versions 8. 2. * before 8. 2. 31, 8. 3. * before 8. 3. 31, 8. 4.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of special elements in SQL commands (CWE-89) within the PHP PDO Firebird driver. Specifically, when preparing SQL queries, string tokens containing NUL bytes are copied using strncat(), which truncates at the NUL byte and drops the closing quote. This causes the SQL parser to treat subsequent tokens as part of the string, enabling SQL injection attacks if attacker-controlled input is quoted via PDO::quote() and embedded in SQL statements. The flaw affects multiple PHP 8.x versions prior to specified patch levels.
Potential Impact
Successful exploitation could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized data access or manipulation. The CVSS 4.0 score of 7.4 reflects a high severity with network attack vector, low attack complexity, partial user interaction, and high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround is currently documented. Users should monitor PHP Group advisories for updates and consider avoiding use of the PDO Firebird driver with untrusted input until a fix is released.
CVE-2025-14179: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in PHP Group PHP
Description
CVE-2025-14179 is a high-severity SQL injection vulnerability in the PHP PDO Firebird driver affecting PHP versions 8. 2. * before 8. 2. 31, 8. 3. * before 8. 3. 31, 8. 4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of special elements in SQL commands (CWE-89) within the PHP PDO Firebird driver. Specifically, when preparing SQL queries, string tokens containing NUL bytes are copied using strncat(), which truncates at the NUL byte and drops the closing quote. This causes the SQL parser to treat subsequent tokens as part of the string, enabling SQL injection attacks if attacker-controlled input is quoted via PDO::quote() and embedded in SQL statements. The flaw affects multiple PHP 8.x versions prior to specified patch levels.
Potential Impact
Successful exploitation could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized data access or manipulation. The CVSS 4.0 score of 7.4 reflects a high severity with network attack vector, low attack complexity, partial user interaction, and high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround is currently documented. Users should monitor PHP Group advisories for updates and consider avoiding use of the PDO Firebird driver with untrusted input until a fix is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- php
- Date Reserved
- 2025-12-06T06:34:43.979Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a000b48cbff5d861022ac68
Added to database: 5/10/2026, 4:36:24 AM
Last enriched: 5/10/2026, 4:51:28 AM
Last updated: 5/10/2026, 10:36:32 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.