A severe security flaw has been discovered in ADOdb, a popular database abstraction library for PHP. The issue affects environments using PostgreSQL and could allow attackers to execute arbitrary SQL commands. The vulnerability has been assigned CVE-2025-46337 and rated as Critical.

What is ADOdb?

ADOdb is a widely used PHP library that simplifies database interactions by offering support for multiple database systems, including MySQL, PostgreSQL, SQLite, and others. It’s favored for its consistency and portability in managing database operations across different platforms.

Overview of the Vulnerability

CVE-2025-46337: SQL Injection Risk

The flaw resides specifically in ADOdb’s PostgreSQL driver. Because certain input parameters are not escaped properly, an attacker who controls those parameters can inject and execute SQL statements of their choosing. Systems running ADOdb with PostgreSQL are therefore highly exposed to SQL injection attacks.

Severity Score: CVSS 10.0 – Critical

According to the official advisory on GitHub, this vulnerability carries the maximum CVSS v3.1 base score of 10.0, marking it as Critical. In practice, that means successful exploitation could lead to full system compromise.

Immediate Action Required: Update to ADOdb 5.22.9

The ADOdb development team has responded swiftly by releasing version 5.22.9 on May 1, 2025, which includes a fix for this vulnerability. In addition to addressing CVE-2025-46337, this release also resolves bugs related to:

  • Compatibility with PHP 8.2
  • Fixes in the SQLite3 driver

Developers using PostgreSQL with ADOdb are strongly urged to update to this version without delay to prevent potential exploitation.

How to Update ADOdb

If your project is using Composer, updating is simple:

composer update adodb/adodb-php

Or manually download the latest version from the official ADOdb GitHub repository.
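Because the fix is tied to a specific release, the first thing to verify after updating is that the version actually installed in each deployment is 5.22.9 or later. The following shell script is an added example, not code from the original post or from the ADOdb project: it reads the adodb/adodb-php entry from a Composer lock file and reports whether the installed version is at or above the fixed release. The two composer.lock excerpts are constructed for the demonstration, and the function names are my own.

```shell
#!/bin/sh
# Added example: check whether the adodb/adodb-php entry in a composer.lock
# is at or above the fixed release named in the post (5.22.9).
FIXED_VERSION="5.22.9"

# adodb_installed_version LOCKFILE
# Prints the adodb/adodb-php version recorded in the lock file (without a
# leading "v"), or nothing if the package is not listed.
adodb_installed_version() {
    awk '
        /"name": *"adodb\/adodb-php"/ { found = 1 }
        found && /"version":/ {
            gsub(/.*"version": *"v?/, "")   # strip everything before the number
            gsub(/".*/, "")                 # strip the closing quote and comma
            print
            exit
        }
    ' "$1"
}

# version_ge A B
# Returns 0 if dotted version A is greater than or equal to B.
# A manual three-field comparison is used because "sort -V" is not portable.
version_ge() {
    a1=$(echo "$1" | cut -d. -f1); a2=$(echo "$1" | cut -d. -f2); a3=$(echo "$1" | cut -d. -f3)
    b1=$(echo "$2" | cut -d. -f1); b2=$(echo "$2" | cut -d. -f2); b3=$(echo "$2" | cut -d. -f3)
    [ "${a1:-0}" -gt "${b1:-0}" ] && return 0
    [ "${a1:-0}" -lt "${b1:-0}" ] && return 1
    [ "${a2:-0}" -gt "${b2:-0}" ] && return 0
    [ "${a2:-0}" -lt "${b2:-0}" ] && return 1
    [ "${a3:-0}" -ge "${b3:-0}" ]
}

# adodb_is_patched LOCKFILE
# Returns 0 if the installed ADOdb is >= 5.22.9, 1 if it is older (vulnerable),
# and 2 if adodb/adodb-php does not appear in the lock file at all.
adodb_is_patched() {
    v=$(adodb_installed_version "$1")
    [ -z "$v" ] && return 2
    version_ge "$v" "$FIXED_VERSION"
}

# Constructed sample lock files (hypothetical excerpts, heavily trimmed).
VULN_LOCK=$(mktemp)
OK_LOCK=$(mktemp)
trap 'rm -f "$VULN_LOCK" "$OK_LOCK"' EXIT

cat > "$VULN_LOCK" <<'EOF'
{
    "packages": [
        {
            "name": "adodb/adodb-php",
            "version": "v5.22.8"
        }
    ]
}
EOF

cat > "$OK_LOCK" <<'EOF'
{
    "packages": [
        {
            "name": "adodb/adodb-php",
            "version": "v5.22.9"
        }
    ]
}
EOF

# Report on both samples when run directly.
for lock in "$VULN_LOCK" "$OK_LOCK"; do
    if adodb_is_patched "$lock"; then
        echo "$lock: adodb/adodb-php $(adodb_installed_version "$lock") is patched"
    else
        echo "$lock: adodb/adodb-php $(adodb_installed_version "$lock") needs updating to $FIXED_VERSION or later"
    fi
done
```

Point adodb_is_patched at the composer.lock of each deployed application rather than at a developer checkout; the lock file is what records the version that was actually installed, and a stale lock file in production is exactly the case the check is meant to catch.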

Final Thoughts

A web application is only as secure as its components. Vulnerabilities like this one highlight the importance of regularly monitoring third-party libraries and applying patches immediately. Keeping dependencies up to date is especially critical in production environments that handle sensitive user data.

If you’re using PostgreSQL with ADOdb, take this warning seriously and update now.

Author

Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape.