CVE-2025-24529 (GCVE-0-2025-24529)
Vulnerability from cvelistv5 – Published: 2025-01-23 00:00 – Updated: 2025-11-03 19:44
VLAI?
EPSS
Summary
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpMyAdmin | phpMyAdmin | Affected: 5.0.0, < 5.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:51.479392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:59.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:34:02.560Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24529",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:49.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-24529\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-01-23T06:15:27.710\",\"lastModified\":\"2025-11-03T20:17:56.900\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en phpMyAdmin 5.x anterior a 5.2.2. Se descubri\u00f3 una vulnerabilidad XSS para la pesta\u00f1a Insertar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://www.phpmyadmin.net/security/PMASA-2025-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24529\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-23T15:02:51.479392Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-23T15:02:55.307Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"phpMyAdmin\", \"product\": \"phpMyAdmin\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"5.2.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.phpmyadmin.net/security/PMASA-2025-2/\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.2.2\", \"versionStartIncluding\": \"5.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-01-23T05:34:02.560Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-24529\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-23T15:02:59.549Z\", \"dateReserved\": \"2025-01-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-01-23T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-HJG3-5H8C-33GF
Vulnerability from github – Published: 2025-01-23 06:31 – Updated: 2025-11-03 21:32
VLAI?
Details
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
Severity ?
6.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-24529"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-23T06:15:27Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.",
"id": "GHSA-hjg3-5h8c-33gf",
"modified": "2025-11-03T21:32:22Z",
"published": "2025-01-23T06:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24529"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
},
{
"type": "WEB",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
bit-phpmyadmin-2025-24529
Vulnerability from bitnami_vulndb
Published
2025-04-24 07:21
Modified
2025-11-06 13:25
Summary
Details
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "phpmyadmin",
"purl": "pkg:bitnami/phpmyadmin"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-24529"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:php:*:*"
],
"severity": "Medium"
},
"details": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.",
"id": "BIT-phpmyadmin-2025-24529",
"modified": "2025-11-06T13:25:46.476Z",
"published": "2025-04-24T07:21:41.489Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24529"
},
{
"type": "WEB",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"schema_version": "1.6.2"
}
WID-SEC-W-2025-0154
Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-04-08 22:00
Summary
phpMyAdmin: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: phpMyAdmin ist eine in PHP geschriebene Web-Oberfläche zur Administration von MySQL Datenbanken.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in phpMyAdmin ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme:
- Linux
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "phpMyAdmin ist eine in PHP geschriebene Web-Oberfl\u00e4che zur Administration von MySQL Datenbanken.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in phpMyAdmin ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0154 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0154.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0154 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0154"
},
{
"category": "external",
"summary": "phpMyAdmin Security Advisory vom 2025-01-21",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
},
{
"category": "external",
"summary": "phpMyAdmin Security Advisory vom 2025-01-21",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0081-1 vom 2025-03-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/472PX6IZ26ALBE66YKBJD3XTN7M34U4L/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4121 vom 2025-04-08",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"source_lang": "en-US",
"title": "phpMyAdmin: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-04-08T22:00:00.000+00:00",
"generator": {
"date": "2025-04-09T08:21:44.645+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0154",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
},
{
"date": "2025-03-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.2",
"product": {
"name": "Open Source phpMyAdmin \u003c5.2.2",
"product_id": "T040507"
}
},
{
"category": "product_version",
"name": "5.2.2",
"product": {
"name": "Open Source phpMyAdmin 5.2.2",
"product_id": "T040507-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:phpmyadmin:phpmyadmin:5.2.2"
}
}
}
],
"category": "product_name",
"name": "phpMyAdmin"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-24529",
"product_status": {
"known_affected": [
"T040507",
"2951",
"T027843"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-24529"
},
{
"cve": "CVE-2025-24530",
"product_status": {
"known_affected": [
"T040507",
"2951",
"T027843"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-24530"
}
]
}
BDU:2025-14434
Vulnerability from fstec - Published: 23.01.2025
VLAI Severity ?
Title
Уязвимость веб-приложения для администрирования cистем управления базами данных phpMyAdmin, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость веб-приложения для администрирования cистем управления базами данных phpMyAdmin связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», phpMyAdmin Developer Team
Software Name
openSUSE Tumbleweed, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), OpenSUSE Leap, SUSE Package Hub, phpMyAdmin
Software Version
- (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), от 5.0 до 5.2.2 (phpMyAdmin)
Possible Mitigations
Использование рекомендаций:
https://www.phpmyadmin.net/security/PMASA-2025-2/
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-phpmyadmin-cve-2025-24529-cve-2025-24530/?sphrase_id=1345393
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2025-24529
Для программных продуктов Novell Inc.:
https://www.suse.com/ko-kr/security/cve/CVE-2025-24529.html
Reference
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-phpmyadmin-cve-2025-24529-cve-2025-24530/?sphrase_id=1345393
https://www.phpmyadmin.net/security/PMASA-2025-2/
https://security-tracker.debian.org/tracker/CVE-2025-24529
https://www.suse.com/ko-kr/security/cve/CVE-2025-24529.html
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, phpMyAdmin Developer Team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), \u043e\u0442 5.0 \u0434\u043e 5.2.2 (phpMyAdmin)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.phpmyadmin.net/security/PMASA-2025-2/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-phpmyadmin-cve-2025-24529-cve-2025-24530/?sphrase_id=1345393\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-24529\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-24529.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.11.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.11.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14434",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-24529",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE Tumbleweed, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), OpenSUSE Leap, SUSE Package Hub, phpMyAdmin",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE Tumbleweed - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. OpenSUSE Leap 15.6 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f c\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 phpMyAdmin, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f c\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 phpMyAdmin \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-phpmyadmin-cve-2025-24529-cve-2025-24530/?sphrase_id=1345393\nhttps://www.phpmyadmin.net/security/PMASA-2025-2/\nhttps://security-tracker.debian.org/tracker/CVE-2025-24529\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-24529.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)"
}
FKIE_CVE-2025-24529
Vulnerability from fkie_nvd - Published: 2025-01-23 06:15 - Updated: 2025-11-03 20:17
Severity ?
Summary
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en phpMyAdmin 5.x anterior a 5.2.2. Se descubri\u00f3 una vulnerabilidad XSS para la pesta\u00f1a Insertar."
}
],
"id": "CVE-2025-24529",
"lastModified": "2025-11-03T20:17:56.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
}
]
},
"published": "2025-01-23T06:15:27.710",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2025:0081-1
Vulnerability from csaf_opensuse - Published: 2025-03-03 09:28 - Updated: 2025-03-03 09:28
Summary
Security update for phpMyAdmin
Severity
Important
Notes
Title of the patch: Security update for phpMyAdmin
Description of the patch: This update for phpMyAdmin fixes the following issues:
Update to version 5.2.2:
- CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312).
- CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311).
- CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992).
- CVE-2023-30536: slim/psr7: improper header validation (bsc#1238159).
Patchnames: openSUSE-2025-81
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category |
|---|---|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for phpMyAdmin",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for phpMyAdmin fixes the following issues:\n\nUpdate to version 5.2.2:\n\n- CVE-2025-24530: XSS in the \u0027Check Tables\u0027 feature (bsc#1236312).\n- CVE-2025-24529: XSS in the \u0027Insert\u0027 tab (bsc#1236311).\n- CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992).\n- CVE-2023-30536: slim/psr7: improper header validation (bsc#1238159).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2025-81",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_0081-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:0081-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/472PX6IZ26ALBE66YKBJD3XTN7M34U4L/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:0081-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/472PX6IZ26ALBE66YKBJD3XTN7M34U4L/"
},
{
"category": "self",
"summary": "SUSE Bug 1222992",
"url": "https://bugzilla.suse.com/1222992"
},
{
"category": "self",
"summary": "SUSE Bug 1236311",
"url": "https://bugzilla.suse.com/1236311"
},
{
"category": "self",
"summary": "SUSE Bug 1236312",
"url": "https://bugzilla.suse.com/1236312"
},
{
"category": "self",
"summary": "SUSE Bug 1238159",
"url": "https://bugzilla.suse.com/1238159"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-30536 page",
"url": "https://www.suse.com/security/cve/CVE-2023-30536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2961 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24529 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24530 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24530/"
}
],
"title": "Security update for phpMyAdmin",
"tracking": {
"current_release_date": "2025-03-03T09:28:26Z",
"generator": {
"date": "2025-03-03T09:28:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:0081-1",
"initial_release_date": "2025-03-03T09:28:26Z",
"revision_history": [
{
"date": "2025-03-03T09:28:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"product": {
"name": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"product_id": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"product": {
"name": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"product_id": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"product": {
"name": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"product_id": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
},
"product_reference": "phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-30536"
}
],
"notes": [
{
"category": "general",
"text": "slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service\u0027s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-30536",
"url": "https://www.suse.com/security/cve/CVE-2023-30536"
},
{
"category": "external",
"summary": "SUSE Bug 1238159 for CVE-2023-30536",
"url": "https://bugzilla.suse.com/1238159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-03T09:28:26Z",
"details": "moderate"
}
],
"title": "CVE-2023-30536"
},
{
"cve": "CVE-2024-2961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2961"
}
],
"notes": [
{
"category": "general",
"text": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2961",
"url": "https://www.suse.com/security/cve/CVE-2024-2961"
},
{
"category": "external",
"summary": "SUSE Bug 1222992 for CVE-2024-2961",
"url": "https://bugzilla.suse.com/1222992"
},
{
"category": "external",
"summary": "SUSE Bug 1223019 for CVE-2024-2961",
"url": "https://bugzilla.suse.com/1223019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-03T09:28:26Z",
"details": "important"
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2025-24529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24529"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24529",
"url": "https://www.suse.com/security/cve/CVE-2025-24529"
},
{
"category": "external",
"summary": "SUSE Bug 1236311 for CVE-2025-24529",
"url": "https://bugzilla.suse.com/1236311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-03T09:28:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-24529"
},
{
"cve": "CVE-2025-24530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24530"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24530",
"url": "https://www.suse.com/security/cve/CVE-2025-24530"
},
{
"category": "external",
"summary": "SUSE Bug 1236312 for CVE-2025-24530",
"url": "https://bugzilla.suse.com/1236312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"SUSE Package Hub 15 SP6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-apache-5.2.2-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:phpMyAdmin-lang-5.2.2-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-03T09:28:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-24530"
}
]
}
OPENSUSE-SU-2025:14846-1
Vulnerability from csaf_opensuse - Published: 2025-02-28 00:00 - Updated: 2025-02-28 00:00
Summary
phpMyAdmin-5.2.2-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: phpMyAdmin-5.2.2-2.1 on GA media
Description of the patch: These are all security issues fixed in the phpMyAdmin-5.2.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14846
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2025-24529
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-24530
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category |
|---|---|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "phpMyAdmin-5.2.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the phpMyAdmin-5.2.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14846",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14846-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24529 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24530 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24530/"
}
],
"title": "phpMyAdmin-5.2.2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-02-28T00:00:00Z",
"generator": {
"date": "2025-02-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14846-1",
"initial_release_date": "2025-02-28T00:00:00Z",
"revision_history": [
{
"date": "2025-02-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-5.2.2-2.1.aarch64",
"product": {
"name": "phpMyAdmin-5.2.2-2.1.aarch64",
"product_id": "phpMyAdmin-5.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-apache-5.2.2-2.1.aarch64",
"product": {
"name": "phpMyAdmin-apache-5.2.2-2.1.aarch64",
"product_id": "phpMyAdmin-apache-5.2.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-lang-5.2.2-2.1.aarch64",
"product": {
"name": "phpMyAdmin-lang-5.2.2-2.1.aarch64",
"product_id": "phpMyAdmin-lang-5.2.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-5.2.2-2.1.ppc64le",
"product": {
"name": "phpMyAdmin-5.2.2-2.1.ppc64le",
"product_id": "phpMyAdmin-5.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"product": {
"name": "phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"product_id": "phpMyAdmin-apache-5.2.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"product": {
"name": "phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"product_id": "phpMyAdmin-lang-5.2.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-5.2.2-2.1.s390x",
"product": {
"name": "phpMyAdmin-5.2.2-2.1.s390x",
"product_id": "phpMyAdmin-5.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-apache-5.2.2-2.1.s390x",
"product": {
"name": "phpMyAdmin-apache-5.2.2-2.1.s390x",
"product_id": "phpMyAdmin-apache-5.2.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-lang-5.2.2-2.1.s390x",
"product": {
"name": "phpMyAdmin-lang-5.2.2-2.1.s390x",
"product_id": "phpMyAdmin-lang-5.2.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-5.2.2-2.1.x86_64",
"product": {
"name": "phpMyAdmin-5.2.2-2.1.x86_64",
"product_id": "phpMyAdmin-5.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-apache-5.2.2-2.1.x86_64",
"product": {
"name": "phpMyAdmin-apache-5.2.2-2.1.x86_64",
"product_id": "phpMyAdmin-apache-5.2.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "phpMyAdmin-lang-5.2.2-2.1.x86_64",
"product": {
"name": "phpMyAdmin-lang-5.2.2-2.1.x86_64",
"product_id": "phpMyAdmin-lang-5.2.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.aarch64"
},
"product_reference": "phpMyAdmin-5.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.ppc64le"
},
"product_reference": "phpMyAdmin-5.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.s390x"
},
"product_reference": "phpMyAdmin-5.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-5.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.x86_64"
},
"product_reference": "phpMyAdmin-5.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.aarch64"
},
"product_reference": "phpMyAdmin-apache-5.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.ppc64le"
},
"product_reference": "phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.s390x"
},
"product_reference": "phpMyAdmin-apache-5.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-apache-5.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.x86_64"
},
"product_reference": "phpMyAdmin-apache-5.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.aarch64"
},
"product_reference": "phpMyAdmin-lang-5.2.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.ppc64le"
},
"product_reference": "phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.s390x"
},
"product_reference": "phpMyAdmin-lang-5.2.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-lang-5.2.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.x86_64"
},
"product_reference": "phpMyAdmin-lang-5.2.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-24529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24529"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24529",
"url": "https://www.suse.com/security/cve/CVE-2025-24529"
},
{
"category": "external",
"summary": "SUSE Bug 1236311 for CVE-2025-24529",
"url": "https://bugzilla.suse.com/1236311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24529"
},
{
"cve": "CVE-2025-24530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24530"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24530",
"url": "https://www.suse.com/security/cve/CVE-2025-24530"
},
{
"category": "external",
"summary": "SUSE Bug 1236312 for CVE-2025-24530",
"url": "https://bugzilla.suse.com/1236312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-apache-5.2.2-2.1.x86_64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-lang-5.2.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24530"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.