CVE-2025-14178

HIGH EPSS 34.3%
Published Dec 27, 20256mo ago · Modified Jun 17, 20261w ago
8.2 CVSS 3.1
High
Find Similar
Published Dec 27, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability High

Threat Intelligence

EPSS Exploit Probability
34.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 5

VendorProductVersionRange
phpphp*≥8.1.0  –  <8.1.34
phpphp*≥8.2.0  –  <8.2.30
phpphp*≥8.3.0  –  <8.3.29
phpphp*≥8.4.0  –  <8.4.16
phpphp*≥8.5.0  –  <8.5.1

References 2

  • github.com https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
    Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2026/01/msg00019.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.