VYPR
Medium severity 6.4 · NVD Advisory · Published Jan 23, 2025 · Updated Apr 15, 2026

CVE-2025-24529

Description

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in phpMyAdmin Insert tab allows attackers to inject arbitrary HTML/JavaScript via crafted input.

Vulnerability

An XSS vulnerability exists in phpMyAdmin's Insert tab, affecting versions 5.x prior to 5.2.2. The issue arises from insufficient sanitization of user-supplied input on the Insert page, enabling injection of malicious scripts [1].

Exploitation

An attacker can craft a request to the Insert tab containing malicious HTML or JavaScript. No authentication is required if the target phpMyAdmin instance is exposed, though exploitation typically requires user interaction (e.g., a logged-in admin viewing the manipulated page). The vulnerability is triggered when the Insert page renders the unsanitized data [1].

Impact

Successful exploitation allows the attacker to execute arbitrary scripts in the context of the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive data displayed on the page. The CVSS v3 score is 6.4 (Medium), reflecting moderate impact [1].

Mitigation

The issue is fixed in phpMyAdmin 5.2.2. Users are advised to upgrade immediately. No workarounds are documented; applying the provided patch is also an option [1].

References
  1. PMASA-2025-2

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
