Vulnerability details: VCID-73nz-mq75-pbhu
Vulnerability ID VCID-73nz-mq75-pbhu
Aliases CVE-2025-54119
GHSA-vf2r-cxg9-p7rf
Summary The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.

Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods.

### Impact
SQLite3 driver.

### Patches
Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03).

### Workarounds
Only pass controlled data to the $table parameter of the metaColumns(), metaForeignKeys() and metaIndexes() methods.

### Credits
Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2025-54119
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2025-54119
cvssv3.1 10.0 https://github.com/ADOdb/ADOdb
generic_textual CRITICAL https://github.com/ADOdb/ADOdb
cvssv3.1 10 https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
cvssv3.1 10.0 https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
generic_textual CRITICAL https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
ssvc Track https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
cvssv3.1 10 https://github.com/ADOdb/ADOdb/issues/1083
cvssv3.1 10.0 https://github.com/ADOdb/ADOdb/issues/1083
generic_textual CRITICAL https://github.com/ADOdb/ADOdb/issues/1083
ssvc Track https://github.com/ADOdb/ADOdb/issues/1083
cvssv3.1 10 https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
cvssv3.1 10.0 https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
cvssv3.1_qr CRITICAL https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
generic_textual CRITICAL https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
ssvc Track https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-vf2r-cxg9-p7rf
cvssv3.1 10.0 https://lists.debian.org/debian-lts-announce/2025/10/msg00020.html
generic_textual CRITICAL https://lists.debian.org/debian-lts-announce/2025/10/msg00020.html
cvssv3.1 10.0 https://nvd.nist.gov/vuln/detail/CVE-2025-54119
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2025-54119
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://github.com/ADOdb/ADOdb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-05T13:57:17Z/ Found at https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://github.com/ADOdb/ADOdb/issues/1083
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-05T13:57:17Z/ Found at https://github.com/ADOdb/ADOdb/issues/1083
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-05T13:57:17Z/ Found at https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://lists.debian.org/debian-lts-announce/2025/10/msg00020.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-54119
Exploit Prediction Scoring System (EPSS)
Percentile 0.19899
EPSS Score 0.00063
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:55:58.205397+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-vf2r-cxg9-p7rf/GHSA-vf2r-cxg9-p7rf.json 38.0.0