Vulnerability Description
Adminer 4.8.1, when deployed with Monolog for logging, is vulnerable to denial of service through memory exhaustion. Attacker-supplied data reaches PHP's unserialize(), which is the classic PHP object injection sink; a crafted serialized payload that declares an enormous string length (for example an `s:1000000000` token backed by almost no data) forces excessive memory use while it is parsed. A remote, unauthenticated attacker can send such a payload to make the Adminer interface unresponsive and exhaust memory at the server level. A single request may only stall the host for several minutes, but several concurrent requests can crash it outright and require manual intervention to recover. Two practical checks: the trigger depends on the deployment actually routing untrusted input through that Monolog-backed logging path, so confirm whether yours does, and the vendor's 4.8.1 to 4.8.2 comparison in the references is the starting point for the fix, so upgrading to 4.8.2 or later is the remediation this page supports.
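The advisory hinges on untrusted bytes reaching unserialize(). The following is an added example, not code from Adminer or Monolog, that puts the weak pattern next to a guarded wrapper. The function names, the 64 KiB cap and the payloads are all hypothetical and constructed for illustration; the crafted payload has the shape the description gives (a declared length of 1,000,000,000 bytes). It requires PHP 8 for the `mixed` return type and PHP 7.4 or later for the `max_depth` option.

```php
<?php
declare(strict_types=1);

// Added example, not code from Adminer or Monolog. It contrasts the weak
// pattern behind this class of bug (attacker data reaching unserialize())
// with a guarded wrapper. Function names and limits are hypothetical.

// Constructed payload in the shape the advisory describes: a serialized
// string that declares a length of 1,000,000,000 bytes but carries one byte.
const CRAFTED_PAYLOAD = 's:1000000000:"A";';

// Constructed benign input for comparison: an array of two short strings.
const BENIGN_PAYLOAD = 'a:2:{i:0;s:4:"user";i:1;s:5:"admin";}';

// Weak pattern: untrusted bytes go straight into unserialize(). Besides the
// memory-consumption angle, this is the classic PHP object injection sink,
// because any loadable class with __wakeup()/__destruct() can be instantiated.
function weak_restore(string $input): mixed
{
    return @unserialize($input);
}

/**
 * Guarded pattern:
 *  1. reject payloads above a hard byte cap before parsing anything;
 *  2. reject any declared s:N / a:N length larger than the payload itself,
 *     which no honest serializer could ever have produced;
 *  3. forbid object instantiation and deep nesting via unserialize() options;
 *  4. distinguish the value false from the failure signal false.
 *
 * @throws UnexpectedValueException on anything that looks malicious
 */
function safe_restore(string $input, int $maxBytes = 65536): mixed
{
    $len = strlen($input);
    if ($len > $maxBytes) {
        throw new UnexpectedValueException("payload of {$len} bytes exceeds cap of {$maxBytes}");
    }

    // A declared length or element count that exceeds the raw payload size is
    // impossible for legitimate data, so it is refused before unserialize().
    if (preg_match_all('/(?<![A-Za-z0-9])[sa]:(\d+):/', $input, $matches)) {
        foreach ($matches[1] as $declared) {
            // strlen() guard first: casting a huge digit string saturates at PHP_INT_MAX
            if (strlen($declared) > 9 || (int) $declared > $len) {
                throw new UnexpectedValueException("declared length {$declared} exceeds payload size {$len}");
            }
        }
    }

    $value = unserialize($input, [
        'allowed_classes' => false, // objects become __PHP_Incomplete_Class, never real instances
        'max_depth'       => 16,    // PHP >= 7.4: bounds recursion on nested arrays
    ]);

    if ($value === false && $input !== 'b:0;') {
        throw new UnexpectedValueException('malformed serialized data');
    }
    return $value;
}

// Demonstration: the benign payload is accepted, the crafted one is rejected
// at the declared-length check without ever reaching unserialize().
foreach (['benign' => BENIGN_PAYLOAD, 'crafted' => CRAFTED_PAYLOAD] as $label => $payload) {
    try {
        $restored = safe_restore($payload);
        printf("%-8s accepted: %s\n", $label, json_encode($restored));
    } catch (UnexpectedValueException $e) {
        printf("%-8s rejected: %s\n", $label, $e->getMessage());
    }
}
```

The wrapper is a generic guard for any unserialize() sink, not a patch for the logging path the advisory refers to. Two deployment-level limits complement it: a per-request `memory_limit` so that one parse cannot take the whole host down, and a small `post_max_size` so that a request body cannot carry a large payload in the first place. For new code, a format without an object-instantiation side channel (JSON via json_decode()) removes the sink altogether.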
CVSS Score
8.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adminer | Adminer | 4.8.1 |
Related Weaknesses (CWE)
None listed on this page.
References
- https://github.com/Seldaek/monolog (Product)
- https://github.com/far00t01/CVE-2025-43960 (Exploit, Third Party Advisory)
- https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2 (Release Notes)
- https://www.adminer.org (Product)
FAQ
What is CVE-2025-43960?
CVE-2025-43960 is a vulnerability with a CVSS score of 8.6 (HIGH). Adminer 4.8.1, when deployed with Monolog for logging, allows a denial of service (memory consumption) via a crafted serialized payload (e.g., one using `s:1000000000`) that reaches PHP's unserialize(), a PHP object injection sink. Remote, unauthenticated attackers can trigger it by sending a malicious serialized object.
How severe is CVE-2025-43960?
CVE-2025-43960 has been rated HIGH with a CVSS base score of 8.6/10. This page lists only the base score and rating; consult the vendor and third-party references above for the full CVSS vector.
Is there a patch for CVE-2025-43960?
Check the references section above for vendor advisories and patch information; the Adminer v4.8.1...v4.8.2 comparison listed there covers the changes between the affected release and 4.8.2. The affected product is Adminer 4.8.1.