CVE-2025-24530 MEDIUM

CVE-2025-24530

Vendor Phpmyadmin

Product phpMyAdmin

Weakness CWE-79 · XSS

Published January 23, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.

Key dates

02Disclosure timeline

January 23, 2025 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-24530

Related vulnerabilities

04Related CVE

CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module CVE-2022-1750 Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow CVE-2018-0452 Cisco Tetration Analytics Cross-Site Scripting Vulnerability CVE-2023-7135 code-projects Record Management System Offices offices.php cross site scripting