CVE-2025-43960
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2025-09-12

Assigner: MITRE

Description
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2025-09-12
Generated
2026-06-16
AI Q&A
2025-08-25
EPSS Evaluated
2026-06-14
NVD
CVE-2025-43960
EUVD
EUVD-2025-25694
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adminer adminer 4.8.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Adminer 4.8.1 occurs when it uses Monolog for logging and improperly deserializes untrusted user input. An attacker can send a crafted serialized payload containing an extremely large string, causing PHP Object Injection that leads to excessive memory consumption. This results in a Denial of Service (DoS) where the Adminer interface becomes unresponsive and the server may crash or require manual intervention to recover. [1]

Impact Analysis

The vulnerability can cause a Denial of Service by exhausting server memory, making the Adminer interface unresponsive and potentially crashing the server. In environments like shared hosting or containers, this can affect other services or tenants, escalating the impact. Recovery may take several minutes, and multiple simultaneous attacks can cause a complete server crash requiring manual intervention. [1]

Detection Guidance

Detection can involve monitoring for unusual or excessive memory usage on the server hosting Adminer, especially when Monolog logging is enabled. Network detection could include inspecting incoming requests for unusually large serialized payloads targeting Adminer endpoints. Since the exploit involves sending crafted serialized objects with very large string lengths (e.g., s:1000000000), commands to detect such payloads could include using tools like tcpdump or Wireshark to capture HTTP traffic and grep or similar tools to search for suspicious serialized strings. For example, using tcpdump to capture traffic on port 80 or 443 and then searching for 's:1000000000' in the payloads. Additionally, monitoring PHP error logs or Adminer logs for memory exhaustion or crashes can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Avoid using unserialize() on untrusted user input in Adminer, especially when Monolog is used for logging. 2) Enforce PHP memory limits by setting the memory_limit directive to a reasonable value to prevent excessive memory consumption. 3) Use the allowed_classes option in the unserialize() function to restrict deserialization only to authorized classes, preventing arbitrary object injection. 4) If possible, update Adminer to a version that patches this vulnerability or apply any available patches. 5) Monitor and restrict incoming requests to Adminer to detect and block suspicious serialized payloads. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-43960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart