CVE-2025-6491

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6491 affects the PHP SOAP extension. Creating a SoapVar instance with a fully qualified name exceeding 2GB can trigger a NULL pointer dereference, leading to a segmentation fault and process crash. This is due to limitations in libxml2 versions prior to 2.13, which cannot properly handle calls to xmlNodeSetName() with names longer than 2GB. Attackers could exploit this vulnerability by sending specially crafted SOAP requests, causing a denial-of-service condition. Any PHP application using the SOAP extension is at risk of being crashed by a remote attacker, leading to service disruption.
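
A defensive sketch of the condition described above, added here as an example and not taken from PHP or from any advisory: it reports whether the running PHP has the SOAP extension loaded and was built against libxml2 older than 2.13, and it wraps SoapVar construction with a length cap. The function names, the 1024-byte cap, and the choice to cap all four name and namespace arguments are assumptions of this example, which targets PHP 8.

```php
<?php
declare(strict_types=1);

// Assumed cap for this example; legitimate XML names are far shorter than this.
const MAX_SOAP_NAME_BYTES = 1024;

// True when SOAP is loaded and PHP was built against libxml2 older than 2.13,
// the combination the description above names.
function soapLongNameCrashPossible(): bool
{
    return extension_loaded('soap')
        && defined('LIBXML_DOTTED_VERSION')
        && version_compare(LIBXML_DOTTED_VERSION, '2.13.0', '<');
}

// Hypothetical wrapper: rejects oversized names before SoapVar is constructed.
// The cap applies on every build, so behaviour does not depend on libxml2.
function guardedSoapVar(
    mixed $data,
    ?int $encoding,
    ?string $typeName = null,
    ?string $typeNamespace = null,
    ?string $nodeName = null,
    ?string $nodeNamespace = null
): SoapVar {
    $names = compact('typeName', 'typeNamespace', 'nodeName', 'nodeNamespace');
    foreach ($names as $label => $value) {
        if ($value !== null && strlen($value) > MAX_SOAP_NAME_BYTES) {
            throw new LengthException("$label exceeds " . MAX_SOAP_NAME_BYTES . ' bytes');
        }
    }
    return new SoapVar($data, $encoding, $typeName, $typeNamespace, $nodeName, $nodeNamespace);
}

// Constructed demonstration input: one normal name, one name a byte over the cap.
if (PHP_SAPI === 'cli' && extension_loaded('soap')) {
    echo 'Affected combination present: ', soapLongNameCrashPossible() ? 'yes' : 'no', PHP_EOL;
    guardedSoapVar('value', XSD_STRING, null, null, 'item', 'urn:example');
    echo 'Accepted: item', PHP_EOL;
    try {
        guardedSoapVar('value', XSD_STRING, null, null, str_repeat('a', MAX_SOAP_NAME_BYTES + 1));
    } catch (LengthException $e) {
        echo 'Rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The wrapper only helps on code paths that build SoapVar objects from values the application does not control; a request body size limit at the web server bounds the same input earlier.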


Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

18

References

Sources include official advisories and independent security research.