{"id":"CVE-2025-43960","details":"Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.","aliases":["GHSA-mqh4-2mm8-g7w9"],"modified":"2026-04-10T05:27:08.905558Z","published":"2025-08-25T14:15:30.893Z","references":[{"type":"WEB","url":"https://www.adminer.org"},{"type":"ADVISORY","url":"https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2"},{"type":"PACKAGE","url":"https://github.com/Seldaek/monolog"},{"type":"EVIDENCE","url":"https://github.com/far00t01/CVE-2025-43960"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vrana/adminer","events":[{"introduced":"0"},{"last_affected":"1f173e18bdf0be29182e0d67989df56eadea4754"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.8.1"}]}}],"versions":["v3.0.0","v3.0.1","v3.1.0","v3.2.0","v3.2.1","v3.2.2","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.3.4","v3.4.0","v3.5.0","v3.5.1","v3.6.0","v3.6.1","v3.6.2","v3.6.3","v3.6.4","v3.7.0","v3.7.1","v4.0.0","v4.0.1","v4.0.2","v4.0.3","v4.1.0","v4.2.0","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.3.0","v4.3.1","v4.4.0","v4.5.0","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.7.4","v4.7.5","v4.7.7","v4.7.8","v4.7.9","v4.8.0","v4.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43960.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}]}