CVE-2025-14177

HIGH

PHP 8.1.0-8.1.33, 8.2.0-8.2.29, 8.3.0-8.3.28, 8.4.0-8.4.15, 8.5.0 - Out-of-bounds Read in getimagesize()

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-14177. PoCs published by 34zY, gl1tch0x1.

Description

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, and 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Exploits (2)

github · WORKING POC
by 34zY · python · poc
https://github.com/34zY/CVE-2025-14177

This repository contains a functional Python exploit for CVE-2025-14177, a PHP heap memory leak vulnerability in the getimagesize() function. The exploit generates a malicious JPEG with an oversized APP1 marker to trigger multi-chunk reads, leading to memory corruption and information leakage.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: PHP (getimagesize function)
No auth needed
Prerequisites: PHP application using getimagesize() · ability to upload malicious JPEG files
devstral-2 · analyzed May 18, 2026

github · WORKING POC
by gl1tch0x1 · shell · poc
https://github.com/gl1tch0x1/PHP_8.1.x_Exploit

This repository contains a modular exploit framework for multiple PHP CVEs, including CVE-2025-14177. The script automates detection and exploitation of vulnerabilities in PHP 8.1.x, with specific modules for each CVE.

Classification: Working Poc 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP 8.1.x
No auth needed
Prerequisites: target URL with vulnerable PHP installation · network access to the target
devstral-2 · analyzed Apr 29, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0047
EPSS Percentile: 37.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-125
Status: published
Products (2):
php/php 8.5.0
php/php 8.1.0 - 8.1.34
Published: Dec 27, 2025
Tracked Since: Feb 18, 2026