CVE-2025-5257: PHP Recursive Pass By Value Array Mutation

Provally Curated · Public repository · High · Medium confidence · Verified · Apache-2.0 · PHP · β
greprules fetch cve-2025-5257-php-recursive-pass-by-value-array-mutation --engine opengrep

Description

A function iterates over an array by value but passes each element to a recursive call that expects an array by reference. The recursive modifications therefore affect only the local copy of the loop element, the intended mutation of the array structure never happens, and the result can be a security bypass such as insufficient sanitization (e.g. SQL injection) when deep nesting is us
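
The pattern described above, shown next to a corrected form. This is an added example, not code from the affected project or from the rule itself; the function names, the `escape_value` stand-in and the sample input are all constructed for illustration.

```php
<?php
// Stand-in for a real escaping routine (assumption): doubles single quotes.
function escape_value(string $v): string {
    return str_replace("'", "''", $v);
}

// Flawed: $item is a by-value copy of the element, so the recursive call,
// which takes its argument by reference, only mutates that copy.
function sanitize_flawed(array &$data): void {
    foreach ($data as $key => $item) {
        if (is_array($item)) {
            sanitize_flawed($item);   // result is discarded on the next iteration
        } elseif (is_string($item)) {
            $data[$key] = escape_value($item);
        }
    }
}

// Corrected: iterate by reference so nested arrays are modified in place.
function sanitize_fixed(array &$data): void {
    foreach ($data as &$item) {
        if (is_array($item)) {
            sanitize_fixed($item);
        } elseif (is_string($item)) {
            $item = escape_value($item);
        }
    }
    unset($item); // drop the reference foreach leaves bound to the last element
}

// Constructed input: one top-level string and one string nested two levels down.
$input = ['name' => "o'neil", 'filter' => ['tags' => ["a' OR '1'='1"]]];

$flawed = $input;
sanitize_flawed($flawed);

$fixed = $input;
sanitize_fixed($fixed);

// Top-level strings are escaped by both versions; only the corrected
// version reaches the nested string.
echo json_encode($flawed), "\n";
echo json_encode($fixed), "\n";

// A quick regression check: any nested value that still equals its raw input
// after sanitization means the mutation never reached the original array.
if ($flawed['filter']['tags'][0] === $input['filter']['tags'][0]) {
    echo "flawed version left the nested value unsanitized\n";
}
```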