CVE-2025-43960

HIGH

Adminer 4.8.1 - Unauthenticated Denial of Service via Crafted Serialized Payload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-43960. PoCs published by far00t01.

AI-analyzed exploit summary This repository contains a working proof-of-concept exploit for CVE-2025-43960, a PHP Object Injection vulnerability in Adminer < 4.8.1 via Monolog, leading to a Denial of Service (DoS) through memory manipulation. The exploit generates a large serialized payload to trigger excessive memory consumption.

Description

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.

Exploits (1)

nomisec WORKING POC

by far00t01 · poc

https://github.com/far00t01/CVE-2025-43960

View Code ZIP pw:eip

This repository contains a working proof-of-concept exploit for CVE-2025-43960, a PHP Object Injection vulnerability in Adminer < 4.8.1 via Monolog, leading to a Denial of Service (DoS) through memory manipulation. The exploit generates a large serialized payload to trigger excessive memory consumption.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Adminer < 4.8.1

No auth needed

Prerequisites: Adminer instance using Monolog for logging · Network access to the target Adminer instance

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Product

https://github.com/Seldaek/monolog

Exploit, Third Party Advisory

https://github.com/far00t01/CVE-2025-43960

Release Notes

https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2

Product

https://www.adminer.org

Scores

CVSS v3 8.6

EPSS 0.0068

EPSS Percentile 47.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-502

Status published

Products (2)

adminer/adminer 4.8.1

vrana/adminer 0Packagist

Published Aug 25, 2025

Tracked Since Feb 18, 2026