Vulnerability Description
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
- https://github.com/ADOdb/ADOdb/issues/1083
- https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
- https://lists.debian.org/debian-lts-announce/2025/10/msg00020.html
FAQ
What is CVE-2025-54119?
CVE-2025-54119 is a vulnerability with a CVSS score of 10.0 (CRITICAL). ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attack...
How severe is CVE-2025-54119?
CVE-2025-54119 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-54119?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.