CVE-2025-24530: phpMyAdmin XSS when checking tables

January 23, 2025

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.

References

github.com/advisories/GHSA-222v-cx2c-q2f5
github.com/phpmyadmin/phpmyadmin
github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
nvd.nist.gov/vuln/detail/CVE-2025-24530
www.phpmyadmin.net/security/PMASA-2025-1

Detect and mitigate CVE-2025-24530 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →