What is CVE-2014-125127?

CVE-2014-125127 is a high-severity vulnerability in Flightphp Core, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2025-09-03.

How severe is CVE-2014-125127?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Flightphp Core

CVE-2014-125127

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body…

EPSS: 0.001 (32.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Flightphp Core — versions v1.0

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

github.com/mikecao/flight/pull/125
github.com/mikecao/flight/commit/da40e03eb4a39745107912dffe926a8fce0d38dc
github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2014/CVE-2014-…

Frequently asked questions

What is CVE-2014-125127?: CVE-2014-125127 is a high-severity vulnerability in Flightphp Core, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2025-09-03.
How severe is CVE-2014-125127?: High severity. CVSS v3 base score is 7.5 out of 10.