CVE-2025-6491 – Apache PHP SOAP XML Namespace Prefix Overflow Vulnerability

July 13, 2025

CVE ID : CVE-2025-6491

Published : July 13, 2025, 10:15 p.m. | 2 hours, 15 minutes ago

Description : In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7543 – PHPGurukul User Registration & Login and User Management System SQL Injection Vulnerability

Next Article CVE-2025-7544 – Tenda AC1206 Stack-Based Buffer Overflow Vulnerability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

Germany wants Google and Apple to ban China’s “illegal” DeepSeek AI — after it failed to comply with data protection laws

Microsoft’s extra year of free Windows 10 security updates feels like a last-minute snooze button — while groups like “The Restart Project” still want to help users

The Xbox Ally and Xbox Ally X prices may have leaked — and if true, it’s not as bad as I thought

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

LocalStack is a cloud service emulator

LocalStack is a cloud service emulator

Sysdig – dig deeper

minnow – simple and fairly weak chess engine

CVE-2025-6491 – Apache PHP SOAP XML Namespace Prefix Overflow Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Gemini 2.0 is now available to everyone

CVE-2025-37878 – Linux Kernel Perf Core Context Assignment Vulnerability

How to Build a Lean Security Model: 5 Lessons from River Island

CVE-2025-4593 – WordPress WP Register Profile With Shortcode Sensitive Information Exposure

This refurbished Surface Laptop 7 was already cheap, but on the LAST day of anti-Prime Day sales, it’s now even cheaper — but you must act now!

Netflix introduces a new ‘dialogue only’ subtitles option (crowd cheers)

CVE-2025-29690 – OA System Cross-Site Scripting (XSS)

CVE-2025-6491 – Apache PHP SOAP XML Namespace Prefix Overflow Vulnerability

Related Posts