CVE-2025-43960

Published: Aug 25, 2025

Modified: Aug 25, 2025

PUBLISHED

Description

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2

https://www.adminer.org

https://github.com/Seldaek/monolog

https://github.com/far00t01/CVE-2025-43960

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-43960

Description

Affected Products

References