DEBIAN-CVE-2025-1735

DEBIAN-CVE-2025-1735 PUBLISHED CVSS 7.5 HIGH

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	php7.4	7.4.21-1+deb11u1, 7.4.26-1, 7.4.28-1+deb11u1
Debian:13	php8.4	0, 0
Debian:14	php8.4	0, 0
Debian:12	php8.2	8.2.17-1, 8.2.18-1, 8.2.18-1

Exploit Intelligence

CVE-2025-1735.js (github-poc)
cve_db.json (github-poc)

Timeline

Jul 13, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-1735 advisory

Open in Interactive Console →