CVE-2025-43960
HIGH EPSS 47.8%
Published Aug 25, 2025 (10mo ago) · Modified Jun 17, 2026 (2w ago)
8.6 CVSS 3.1
Description
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: Low
- Availability: Low
Threat Intelligence
EPSS Exploit Probability
47.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-502 Deserialization of Untrusted Data Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| adminer | adminer | 4.8.1 | any |
References 4
- github.com https://github.com/Seldaek/monolog
- github.com https://github.com/far00t01/CVE-2025-43960
- github.com https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2
- adminer.org https://www.adminer.org
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.