VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5tnq-1pgt-r7h5

Essentials
Severities (14)
References (9)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5tnq-1pgt-r7h5
Aliases	CVE-2025-43960 GHSA-mqh4-2mm8-g7w9
Summary	Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-502	Deserialization of Untrusted Data
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00508	https://api.first.org/data/v1/epss?cve=CVE-2025-43960
cvssv3.1	8.6	https://github.com/far00t01/CVE-2025-43960
generic_textual	HIGH	https://github.com/far00t01/CVE-2025-43960
ssvc	Track	https://github.com/far00t01/CVE-2025-43960
cvssv3.1	8.6	https://github.com/Seldaek/monolog
ssvc	Track	https://github.com/Seldaek/monolog
cvssv3.1	8.6	https://github.com/vrana/adminer
generic_textual	HIGH	https://github.com/vrana/adminer
cvssv3.1	8.6	https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2
ssvc	Track	https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2
cvssv3.1	8.6	https://nvd.nist.gov/vuln/detail/CVE-2025-43960
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-43960
cvssv3.1	8.6	https://www.adminer.org
ssvc	Track	https://www.adminer.org

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-43960
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43960
		https://github.com/vrana/adminer
		https://nvd.nist.gov/vuln/detail/CVE-2025-43960
CVE-2025-43960		https://github.com/far00t01/CVE-2025-43960
GHSA-mqh4-2mm8-g7w9		https://github.com/advisories/GHSA-mqh4-2mm8-g7w9
monolog		https://github.com/Seldaek/monolog
v4.8.1...v4.8.2		https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2
www.adminer.org		https://www.adminer.org

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/far00t01/CVE-2025-43960

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-25T13:37:10Z/ Found at https://github.com/far00t01/CVE-2025-43960

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/Seldaek/monolog

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-25T13:37:10Z/ Found at https://github.com/Seldaek/monolog

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/vrana/adminer

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-25T13:37:10Z/ Found at https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-43960

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://www.adminer.org

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-25T13:37:10Z/ Found at https://www.adminer.org

Exploit Prediction Scoring System (EPSS)

Percentile	0.66738
EPSS Score	0.00508
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:56:27.193402+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/43xxx/CVE-2025-43960.json	38.6.0