vulnerability
Ubuntu: USN-7953-1 (CVE-2025-14178): PHP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:N/I:P/A:C) | Dec 27, 2025 | Jan 13, 2026 | Jan 15, 2026 |
Description
It was discovered that PHP incorrectly handled memory while reading images
in multi-chunk mode. An attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu
25.04 and Ubuntu 25.10. (CVE-2025-14177)
It was discovered that PHP incorrectly handled memory when element count
exceeds 32-bit limit. An attacker could possibly use this issue to cause
a denial of service. (CVE-2025-14178)
It was discovered that PHP incorrectly handled memory when using the PDO
PostgreSQL driver. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-14180)
Solutions
References
- CVE-2025-14178
- https://attackerkb.com/topics/CVE-2025-14178
- CWE-190
- CWE-787
- UBUNTU-USN-7953-1
- URL-https://github.com/php/php-src/commit/8b801151bd54b36aae4593ed6cfc096e8122b415
- URL-https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
- URL-https://ubuntu.com/security/notices/USN-7953-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-14178
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.