CVE-2025-6491
PHP vulnerability analysis and mitigation

Overview

CVE-2025-6491 is a vulnerability affecting PHP's SOAP extension that was discovered in July 2025. The vulnerability impacts PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10. This security flaw occurs when a SoapVar instance is created with a fully qualified name exceeding 2GB in size, which can trigger a null pointer dereference (Cybersecurity News, GBHackers).

Technical details

The vulnerability stems from limitations in libxml2 versions prior to 2.13, which cannot properly handle calls to xmlNodeSetName() with names longer than 2GB. When processing oversized namespace prefixes, this leaves XML node objects in an invalid state with NULL names, subsequently causing crashes during message serialization. The flaw manifests through the xmlBuildQName() function and carries a CVSS score of 5.9, indicating moderate severity (Cybersecurity News).

Impact

The primary impact of this vulnerability is the potential for Denial of Service (DoS) conditions. When exploited, the vulnerability causes segmentation faults leading to immediate application termination. Any PHP application using the SOAP extension is at risk of being crashed by a remote attacker, potentially causing service disruption (GBHackers).

Mitigation and workarounds

The recommended mitigation is to update PHP installations to the patched versions: 8.1.33, 8.2.29, 8.3.23, or 8.4.10. These updates address the vulnerability by implementing proper error-handling mechanisms in the affected SOAP extension. System administrators should treat this update with urgency to prevent potential service disruptions (GBHackers).

Additional resources


SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management