{"id":"CVE-2025-1735","details":"In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.","aliases":["BIT-libphp-2025-1735","BIT-php-2025-1735","BIT-php-min-2025-1735","GHSA-hrwm-9436-5mv3"],"modified":"2026-04-16T00:02:54.673319828Z","published":"2025-07-13T23:15:22.940Z","related":["ALSA-2025:23309","ALSA-2026:1409","ALSA-2026:1412","ALSA-2026:2470","SUSE-SU-2025:02462-1","SUSE-SU-2025:02463-1","SUSE-SU-2025:02473-1","SUSE-SU-2025:02474-1","openSUSE-SU-2025:15340-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/07/11/4"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"1996831969293a866863f7148f5416e99ea123cb"},{"introduced":"70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2"},{"fixed":"a6855fae73d7a969788e7ec916ae6c4cda2fc7e3"},{"introduced":"d26068059e83fe40de3430a512471d194119bee0"},{"fixed":"ad881e753961115ceaf340bc47e7151fd9be1b45"},{"introduced":"b437f2b32eb364c9496d24abcc734272e5c9c980"},{"fixed":"5b61b6dd838cd5fc70f1f1325dfdfd8730d966fb"}],"database_specific":{"versions":[{"introduced":"8.1.0"},{"fixed":"8.1.33"},{"introduced":"8.2.0"},{"fixed":"8.2.29"},{"introduced":"8.3.0"},{"fixed":"8.3.23"},{"introduced":"8.4.0"},{"fixed":"8.4.10"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1735.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}