CVE-2025-67899 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-67899 PUBLISHED CVSS 2.9000000953674316 LOW

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

EPSS 0.02% · 4.4th percentile

Risk Scores

CVSS v3.1

2.9000000953674316

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.02%

4.4th percentile

Affected Products

Vendor	Product	Versions
uriparser_project	uriparser
uriparser project	uriparser	0

Timeline

Dec 14, 2025 CVE ID Reserved
Dec 14, 2025 CVE Published
Dec 15, 2025 EPSS Score
Dec 15, 2025 PoC Published
Dec 15, 2025 CVE Updated
Dec 18, 2025 EPSS Score
Dec 20, 2025 PoC Published
Dec 21, 2025 PoC Published
Dec 22, 2025 EPSS Score
Dec 25, 2025 EPSS Score
Dec 29, 2025 EPSS Score
Jan 1, 2026 EPSS Score

References

https://github.com/uriparser/uriparser/issues/282 url
https://github.com/uriparser/uriparser/pull/284 url
http://www.openwall.com/lists/oss-security/2025/12/15/1 url
https://nvd.nist.gov/vuln/detail/CVE-2025-67899 advisory
https://www.php.net/ChangeLog-8.php#8.1.34 advisory
https://www.php.net/ChangeLog-8.php#8.3.29 advisory
https://www.php.net/ChangeLog-8.php#8.4.16 advisory
https://www.php.net/ChangeLog-8.php#8.2.30 advisory
https://www.php.net/ChangeLog-8.php#8.5.1 advisory

Open in Interactive Console →