VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-23az-qkmn-gbe3

Essentials
Severities (40)
References (8)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-23az-qkmn-gbe3
Aliases	CVE-2025-24530 GHSA-222v-cx2c-q2f5
Summary	phpMyAdmin XSS when checking tables An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2025-24530
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-222v-cx2c-q2f5
cvssv3.1	6.4	https://github.com/phpmyadmin/phpmyadmin
generic_textual	MODERATE	https://github.com/phpmyadmin/phpmyadmin
cvssv3.1	6.4	https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
generic_textual	MODERATE	https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
cvssv3.1	6.4	https://nvd.nist.gov/vuln/detail/CVE-2025-24530
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-24530
cvssv3.1	6.4	https://www.phpmyadmin.net/security/PMASA-2025-1
generic_textual	MODERATE	https://www.phpmyadmin.net/security/PMASA-2025-1
cvssv3.1	6.4	https://www.phpmyadmin.net/security/PMASA-2025-1/
ssvc	Track	https://www.phpmyadmin.net/security/PMASA-2025-1/

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-24530
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24530
		https://github.com/phpmyadmin/phpmyadmin
		https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
		https://nvd.nist.gov/vuln/detail/CVE-2025-24530
		https://www.phpmyadmin.net/security/PMASA-2025-1
GHSA-222v-cx2c-q2f5		https://github.com/advisories/GHSA-222v-cx2c-q2f5
PMASA-2025-1		https://www.phpmyadmin.net/security/PMASA-2025-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-24530

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://www.phpmyadmin.net/security/PMASA-2025-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://www.phpmyadmin.net/security/PMASA-2025-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T15:02:00Z/ Found at https://www.phpmyadmin.net/security/PMASA-2025-1/

Exploit Prediction Scoring System (EPSS)

Percentile	0.17472
EPSS Score	0.00056
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:37:19.412675+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-222v-cx2c-q2f5/GHSA-222v-cx2c-q2f5.json	37.0.0