GCVE - cpe:2.3:a:adminer:adminer:4.8.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adminer:adminer:4.8.1:*:*:*:*:*:*:*

part: a version: 4.8.1 update: *

Vendor	Adminer (`831b3fc3-7a9d-56cb-8b1d-ad0e3d9c479a`)
Product	Adminer (`40ae6147-a315-59f7-81f1-2a9262459466`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/adminer`	purl2cpe	2026-06-01 10:16:30.202177
`pkg:deb/ubuntu/adminer`	purl2cpe	2026-06-01 10:16:30.202178
`pkg:docker/adminer`	purl2cpe	2026-06-01 10:16:30.202179
`pkg:github/vrana/adminer`	purl2cpe	2026-06-01 10:16:30.202181
`pkg:rpm/opensuse/adminer`	purl2cpe	2026-06-01 10:16:30.202182
`pkg:sourceforge/adminer`	purl2cpe	2026-06-01 10:16:30.202184

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-43960`	vulnerable	2026-06-08 07:25:10.501089	Details available Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention. Published: 2025-08-25T00:00:00.000Z Updated: 2025-08-25T13:39:13.594Z Open on db.gcve.eu Reference links https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2 https://www.adminer.org https://github.com/Seldaek/monolog https://github.com/far00t01/CVE-2025-43960	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.