diff --git a/NEWS b/NEWS
index 5d8334fdf78..5a70b313c97 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.4.10
 
+- Core:
+  . Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction
+    order). (Daniil Gentili)
 
 03 Jul 2025, PHP 8.4.9
 
diff --git a/Zend/tests/gh18833.phpt b/Zend/tests/gh18833.phpt
new file mode 100644
index 00000000000..d00f860ee43
--- /dev/null
+++ b/Zend/tests/gh18833.phpt
@@ -0,0 +1,24 @@
+--TEST--
+GH-18833 (Use after free with weakmaps dependent on destruction order)
+--FILE--
+<?php
+
+class a {
+    public static WeakMap $map;
+    public static Generator $storage;
+}
+
+a::$map = new WeakMap;
+
+$closure = function () {
+    $obj = new a;
+    a::$map[$obj] = true;
+    yield $obj;
+};
+a::$storage = $closure();
+a::$storage->current();
+
+echo "ok\n";
+?>
+--EXPECT--
+ok
diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c
index 9b1b6dd4fcb..c19873cf3be 100644
--- a/Zend/zend_objects_API.c
+++ b/Zend/zend_objects_API.c
@@ -100,7 +100,9 @@ ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_
 			if (IS_OBJ_VALID(obj)) {
 				if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
 					GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
-					if (obj->handlers->free_obj != zend_object_std_dtor) {
+					if (obj->handlers->free_obj != zend_object_std_dtor
+					 || (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
+					) {
 						GC_ADDREF(obj);
 						obj->handlers->free_obj(obj);
 					}